An update for golang is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1771 Final 1.0 1.0 2024-06-28 Initial 2024-06-28 2024-06-28 openEuler SA Tool V1.0 2024-06-28 golang security update An update for golang is now available for openEuler-20.03-LTS-SP4. The Go Programming Language. Security Fix(es): The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.(CVE-2024-24789) An update for golang is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium golang https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1771 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 openEuler-20.03-LTS-SP4 golang-1.15.7-45.oe2003sp4.aarch64.rpm golang-help-1.15.7-45.oe2003sp4.noarch.rpm golang-devel-1.15.7-45.oe2003sp4.noarch.rpm golang-1.15.7-45.oe2003sp4.src.rpm golang-1.15.7-45.oe2003sp4.x86_64.rpm The archive/zip package s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. 2024-06-28 CVE-2024-24789 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N golang security update 2024-06-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1771