All errata/p10/ALT-PU-2026-2347-5
ALT-PU-2026-2347-5

Package update golang in branch p10

Version1.24.13-alt1
Task#407552
Published2026-03-26
Max severityHIGH
Severity:

Closed issues (7)

BDU:2026-00268
MEDIUM6.5

Уязвимость языка программирования Go, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Published: 2026-01-12Modified: 2026-04-20
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
References
BDU:2026-02553
HIGH8.6

Уязвимость компонента cmd/cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код

Published: 2026-03-06Modified: 2026-04-15
CVSS 3.xHIGH 8.6
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2026-03601
HIGH7.0

Уязвимость языка программирования Golang, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Published: 2026-03-25
CVSS 3.xHIGH 7.0
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.0
CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:C
References
CVE-2025-61727
MEDIUM6.5

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Published: 2025-12-03Modified: 2025-12-18
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References
CVE-2025-68119
HIGH7.0

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.

Published: 2026-01-28Modified: 2026-02-06
CVSS 3.xHIGH 7.0
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
GHSA-mjcp-gpgx-ggcg
MEDIUM5.9

OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs

Published: 2025-12-10
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
References

Closed bugs (1)

Bug #57661

Отсутствуют файлы для WebAssembly