All errata/sisyphus_loongarch64/ALT-PU-2026-1129-1
ALT-PU-2026-1129-1

Package update rclone in branch sisyphus_loongarch64

Version1.72.1-alt1
Task#0
Published2026-01-08
Max severityHIGH
Severity:

Closed issues (2)

BDU:2025-16242
HIGH7.5

Уязвимость функции HostnameError.Error() пакета crypto/x509 языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-12-24Modified: 2026-04-20
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2025-61729
HIGH7.5

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Published: 2025-12-02Modified: 2025-12-19
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References