All errata/sisyphus/ALT-PU-2020-1302-2
ALT-PU-2020-1302-2

Package update golang in branch sisyphus

Version1.13.8-alt1
Task#246715
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (5)

BDU:2020-00181
HIGH8.1

Уязвимость интерфейса программирования приложений Windows CryptoAPI (Crypt32.dll) операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности и реализовать атаку типа «человек посередине»

Published: 2020-01-20
CVSS 3.xHIGH 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.0CRITICAL 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N
References
BDU:2021-01915
HIGH7.5

Уязвимость библиотек crypto/x509 и golang.org/x/crypto/cryptobyte языка программирования GO, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-04-06Modified: 2023-11-21
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2020-0601
HIGH8.1

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

Published: 2020-01-14Modified: 2025-12-18
CVSS 2.0MEDIUM 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
References
CVE-2020-7919
HIGH7.5

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

Published: 2020-03-16Modified: 2024-11-21
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
GHSA-cjjc-xp8v-855w
HIGH7.5

Helm uses crypto package vulnerable to panic from malformed X.509 certificate

Published: 2021-06-23Modified: 2024-05-31
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References