{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"golang security update", "category":"general", "title":"Synopsis" }, { "text":"An update for golang is now available for openEuler-20.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":".\n\nSecurity Fix(es):\n\ncrypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent the leaf certificate from claiming SAN*. example.com.(CVE-2025-61727)", "category":"general", "title":"Description" }, { "text":"An update for golang is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"golang", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2863", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2863" }, { "summary":"CVE-2025-61727", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61727&packageName=golang" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61727" }, { "summary":"openEuler-SA-2025-2863 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openEuler-SA-2025-2863.json" } ], "title":"An update for golang is now available for openEuler-20.03-LTS-SP4", "tracking":{ "initial_release_date":"2025-12-31T10:22:54+08:00", "revision_history":[ { "date":"2025-12-31T10:22:54+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-12-31T10:22:54+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-12-31T10:22:54+08:00", "id":"openEuler-SA-2025-2863", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"golang-1.15.7-58.oe2003sp4.src.rpm", "name":"golang-1.15.7-58.oe2003sp4.src.rpm" }, "name":"golang-1.15.7-58.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"golang-1.15.7-58.oe2003sp4.x86_64.rpm", "name":"golang-1.15.7-58.oe2003sp4.x86_64.rpm" }, "name":"golang-1.15.7-58.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"golang-devel-1.15.7-58.oe2003sp4.noarch.rpm", "name":"golang-devel-1.15.7-58.oe2003sp4.noarch.rpm" }, "name":"golang-devel-1.15.7-58.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"golang-help-1.15.7-58.oe2003sp4.noarch.rpm", "name":"golang-help-1.15.7-58.oe2003sp4.noarch.rpm" }, "name":"golang-help-1.15.7-58.oe2003sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"golang-1.15.7-58.oe2003sp4.aarch64.rpm", "name":"golang-1.15.7-58.oe2003sp4.aarch64.rpm" }, "name":"golang-1.15.7-58.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"golang-1.15.7-58.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.src", "name":"golang-1.15.7-58.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"golang-1.15.7-58.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.x86_64", "name":"golang-1.15.7-58.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"golang-devel-1.15.7-58.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:golang-devel-1.15.7-58.oe2003sp4.noarch", "name":"golang-devel-1.15.7-58.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"golang-help-1.15.7-58.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:golang-help-1.15.7-58.oe2003sp4.noarch", "name":"golang-help-1.15.7-58.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"golang-1.15.7-58.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.aarch64", "name":"golang-1.15.7-58.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-61727", "notes":[ { "text":"crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent the leaf certificate from claiming SAN*. example.com.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.src", "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:golang-devel-1.15.7-58.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:golang-help-1.15.7-58.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.src", "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:golang-devel-1.15.7-58.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:golang-help-1.15.7-58.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.aarch64" ], "details":"golang security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2863" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.src", "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:golang-devel-1.15.7-58.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:golang-help-1.15.7-58.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:golang-1.15.7-58.oe2003sp4.aarch64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-61727" } ] }