{"affected":[{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP6","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP7","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7.1","name":"go1.24","purl":"pkg:rpm/suse/go1.24&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.24":"1.24.9-150000.1.42.1","go1.24-doc":"1.24.9-150000.1.42.1","go1.24-race":"1.24.9-150000.1.42.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"go1.24","purl":"pkg:rpm/opensuse/go1.24&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.9-150000.1.42.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.24 fixes the following issues:\n\ngo1.24.9 (released 2025-10-13) includes fixes to the crypto/x509\npackage. (bsc#1236217)\n\n* crypto/x509: TLS validation fails for FQDNs with trailing dot\n\ngo1.24.8 (released 2025-10-07) includes security fixes to the\narchive/tar, crypto/tls, crypto/x509, encoding/asn1,\nencoding/pem, net/http, net/mail, net/textproto, and net/url\npackages, as well as bug fixes to the compiler, the linker, and\nthe debug/pe, net/http, os, and sync/atomic packages.\n(bsc#1236217)\n\n  CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186 CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724:\n\n  * bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information\n  * bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress\n  * bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys\n  * bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion\n  * bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion\n  * bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs\n  * bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map\n  * bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames\n  * bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints\n  * bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse\n  * os: Root.OpenRoot sets incorrect name, losing prefix of original root\n  * debug/pe: pe.Open fails on object files produced by llvm-mingw 21\n  * cmd/link: panic on riscv64 with CGO enabled due to empty container symbol\n  * net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9\n  * os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9\n  * crypto/internal/fips140/rsa: requires a panic if self-tests fail\n  * net/http: internal error: connCount underflow\n  * cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn\n  * sync/atomic: comment for Uintptr.Or incorrectly describes return value\n","id":"SUSE-SU-2025:3682-1","modified":"2025-10-20T13:12:10Z","published":"2025-10-20T13:12:10Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20253682-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236217"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251253"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251254"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251255"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251256"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251257"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251258"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251259"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251260"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251261"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251262"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47912"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58189"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61724"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61725"}],"related":["CVE-2025-47912","CVE-2025-58183","CVE-2025-58185","CVE-2025-58186","CVE-2025-58187","CVE-2025-58188","CVE-2025-58189","CVE-2025-61723","CVE-2025-61724","CVE-2025-61725"],"summary":"Security update for go1.24","upstream":["CVE-2025-47912","CVE-2025-58183","CVE-2025-58185","CVE-2025-58186","CVE-2025-58187","CVE-2025-58188","CVE-2025-58189","CVE-2025-61723","CVE-2025-61724","CVE-2025-61725"]}