Vulnerability CVE-2024-24787: Information
Description
On Darwin, building a Go module that contains cgo code can trigger arbitrary code execution when the Apple version of ld is used, because of the -lto_library flag in a "#cgo LDFLAGS" directive.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
golang | sisyphus | 1.22.3-alt1 | 1.22.3-alt1 | ALT-PU-2024-7548-1 | 347664 | Fixed |
golang | sisyphus_riscv64 | 1.22.3-alt1 | 1.22.3-alt1 | ALT-PU-2024-7660-1 | - | Fixed |
golang | sisyphus_loongarch64 | 1.22.3-alt1 | 1.22.3-alt1 | ALT-PU-2024-7625-1 | - | Fixed |
golang | p10 | 1.21.10-alt1 | 1.21.10-alt1 | ALT-PU-2024-7550-2 | 347665 | Fixed |
golang | c10f1 | 1.21.10-alt1 | 1.21.10-alt1 | ALT-PU-2024-7585-2 | 347667 | Fixed |
golang | p11 | 1.22.3-alt1 | 1.22.3-alt1 | ALT-PU-2024-7548-1 | 347664 | Fixed |