An update for golang is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1791 Final 1.0 1.0 2024-07-05 Initial 2024-07-05 2024-07-05 openEuler SA Tool V1.0 2024-07-05 golang security update An update for golang is now available for openEuler-24.03-LTS . Security Fix(es): The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.(CVE-2024-24789) An update for golang is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium golang https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1791 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 openEuler-24.03-LTS golang-1.21.4-13.oe2403.src.rpm golang-1.21.4-13.oe2403.x86_64.rpm golang-devel-1.21.4-13.oe2403.noarch.rpm golang-help-1.21.4-13.oe2403.noarch.rpm golang-1.21.4-13.oe2403.aarch64.rpm The archive/zip package s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. 2024-07-05 CVE-2024-24789 openEuler-24.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N golang security update 2024-07-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1791