Vulnerability CVE-2024-24783: Information
Description
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
golang | sisyphus | 1.22.1-alt1 | 1.22.3-alt1 | ALT-PU-2024-3506-1 | 342122 | Fixed |
golang | sisyphus_riscv64 | 1.22.1-alt1 | 1.22.3-alt1 | ALT-PU-2024-4203-1 | - | Fixed |
golang | sisyphus_loongarch64 | 1.22.1-alt1 | 1.22.3-alt1 | ALT-PU-2024-3594-1 | - | Fixed |
golang | p10 | 1.21.8-alt1 | 1.21.10-alt1 | ALT-PU-2024-3504-2 | 342123 | Fixed |
golang | c10f1 | 1.21.8-alt1 | 1.21.10-alt1 | ALT-PU-2024-4847-5 | 343662 | Fixed |