An update for golang is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2864 Final 1.0 1.0 2025-12-30 Initial 2025-12-30 2025-12-30 openEuler SA Tool V1.0 2025-12-30 golang security update An update for golang is now available for openEuler-22.03-LTS-SP3 . Security Fix(es): crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent the leaf certificate from claiming SAN*. example.com.(CVE-2025-61727) An update for golang is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium golang https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2864 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61727 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 openEuler-22.03-LTS-SP3 golang-1.17.3-46.oe2203sp3.aarch64.rpm golang-1.17.3-46.oe2203sp3.src.rpm golang-1.17.3-46.oe2203sp3.x86_64.rpm golang-devel-1.17.3-46.oe2203sp3.noarch.rpm golang-help-1.17.3-46.oe2203sp3.noarch.rpm crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent the leaf certificate from claiming SAN*. example.com. 2025-12-30 CVE-2025-61727 openEuler-22.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N golang security update 2025-12-30 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2864