delve-1.25.2-2.el9_7
エラータID: AXSA:2026-275:01
リリース日:
2026/03/09 Monday - 15:59
題名:
delve-1.25.2-2.el9_7
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Go の crypto/tls パッケージには、Config 内の ClientCAs
フィールドまたは RootCAs フィールドが最初のハンドシェイクと再開後
のハンドシェイクの間で変更されている場合、本来失敗するはずの再開後
のハンドシェイクが成功してしまう問題があるため、リモートの攻撃者に
より、不正な認証を可能とする脆弱性が存在します。(CVE-2025-68121)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
追加情報:
N/A
ダウンロード:
SRPMS
- delve-1.25.2-2.el9_7.src.rpm
MD5: aa5a7a26f8c9bace1d10996f0a9e7260
SHA-256: b5b7fc010d25e5e503c14ab8075fbb76c991450e2b665f639464bb722d511f1d
Size: 9.29 MB
Asianux Server 9 for x86_64
- delve-1.25.2-2.el9_7.x86_64.rpm
MD5: 3cadb855acd70e289e27a3f60007503e
SHA-256: 080f655157fd908450c08bf2bfa53d17af792a8396b36f0cf32543d9e9b18d16
Size: 5.53 MB
English