## This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: * CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257). * CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261). * CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258). * CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259). * CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254). * CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260). * CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker
* bsc#1236217
* bsc#1245878
* bsc#1247816
* bsc#1248082
* bsc#1249985
* bsc#1251253
* bsc#1251254
* bsc#1251255
* bsc#1251256
* bsc#1251257
* bsc#1251258
* bsc#1251259
* bsc#1251260
* bsc#1251261
* bsc#1251262
* bsc#1254430
* bsc#1254431
Cross-
* CVE-2025-47912
* CVE-2025-58183
* CVE-2025-58185
* CVE-2025-58186
* CVE-2025-58187
* CVE-2025-58188
* CVE-2025-58189
* CVE-2025-61723
* CVE-2025-61724
* CVE-2025-61725
* CVE-2025-61727
* CVE-2025-61729
CVSS scores:
* CVE-2025-47912 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47912 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-47912 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-58183 ( SUSE ): 4.8
Get the latest Linux and open source security news straight to your inbox.