{"id":"MGASA-2024-0217","summary":"Updated golang packages fix security vulnerabilities","details":"The archive/zip package's handling of certain types of invalid zip files\ndiffers from the behavior of most zip implementations. This misalignment\ncould be exploited to create an zip file with contents that vary\ndepending on the implementation reading the file. The archive/zip\npackage now rejects files containing these errors. (CVE-2024-24789)\nThe various Is methods (IsPrivate, IsLoopback, etc) did not work as\nexpected for IPv4-mapped IPv6 addresses, returning false for addresses\nwhich would return true in their traditional IPv4 forms.\n(CVE-2024-24790)\n","modified":"2026-04-16T04:42:49.173610367Z","published":"2024-06-14T01:31:37Z","upstream":["CVE-2024-24789","CVE-2024-24790"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0217.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33269"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2024/06/04/1"}],"affected":[{"package":{"name":"golang","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/golang?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.21.11-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0217.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}