Overview

File _patchinfo of Package patchinfo.41880

<patchinfo incident="41880">
  <issue tracker="bnc" id="1236217">go1.24 release tracking</issue>
  <issue tracker="bnc" id="1254431">VUL-0: CVE-2025-61729: go1.24,go1.25: crypto/x509: excessive resource consumption in printing error string for host certificate validation</issue>
  <issue tracker="bnc" id="1245878">update-alternatives migration: go</issue>
  <issue tracker="bnc" id="1254430">VUL-0: CVE-2025-61727: go1.24,go1.25: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs</issue>
  <issue tracker="cve" id="2025-61727"/>
  <issue tracker="cve" id="2025-61729"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.24</summary>
  <description>This update for go1.24 fixes the following issues:
  
Update to version 1.24.11.

Security issues fixed:

- CVE-2025-61727: crypto/x509: excluded subdomain constraint in a certificate chain does not restrict the usage of
  wildcard SANs in leaf certificates (bsc#1254430).
- CVE-2025-61729: crypto/x509: excessive resource consumption when constructing error strings during host certificate
  validation (bsc#1254431).

Other issues fixed:
  
- go#76378: internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364
  cores.
- Packaging: migrate from update-alternatives to libalternatives (bsc#1245878).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places