Advisories » MGASA-2025-0326

Updated golang packages fix security vulnerabilities

Publication date: 13 Dec 2025
Modification date: 13 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-61727 , CVE-2025-61729

Description

Improper application of excluded DNS name constraints when verifying
wildcard names in crypto/x509. (CVE-2025-61727)
Excessive resource consumption when printing error string for host
certificate validation in crypto/x509. (CVE-2025-61729)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34810
• https://www.openwall.com/lists/oss-security/2025/12/05/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61727
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729

SRPMS

9/core

• golang-1.24.11-1.mga9