{"affected":[{"ecosystem_specific":{"binaries":[{"go1.17":"1.17.9-150000.1.28.1","go1.17-doc":"1.17.9-150000.1.28.1","go1.17-race":"1.17.9-150000.1.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP3","name":"go1.17","purl":"pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.17.9-150000.1.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.17":"1.17.9-150000.1.28.1","go1.17-doc":"1.17.9-150000.1.28.1","go1.17-race":"1.17.9-150000.1.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 15 SP2","name":"go1.17","purl":"pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.17.9-150000.1.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.17":"1.17.9-150000.1.28.1","go1.17-doc":"1.17.9-150000.1.28.1","go1.17-race":"1.17.9-150000.1.28.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"go1.17","purl":"pkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.17.9-150000.1.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.17":"1.17.9-150000.1.28.1","go1.17-doc":"1.17.9-150000.1.28.1","go1.17-race":"1.17.9-150000.1.28.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"go1.17","purl":"pkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.17.9-150000.1.28.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.17 fixes the following issues:\n\n- Updated to version 1.17.9 (bsc#1190649):\n  - CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423).\n  - CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the\n    crypto/elliptic module (bsc#1198424).\n","id":"SUSE-SU-2022:1411-1","modified":"2022-04-26T15:49:12Z","published":"2022-04-26T15:49:12Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20221411-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190649"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198423"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198424"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-24675"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28327"}],"related":["CVE-2022-24675","CVE-2022-28327"],"summary":"Security update for go1.17","upstream":["CVE-2022-24675","CVE-2022-28327"]}