Mageia 9: 2025-0021 critical: golang UDP header and URI bypass

mageia

January 23, 2025

net/http: sensitive headers incorrectly sent after cross-domain redirect, (CVE-2024-45336)

Summary

net/http: sensitive headers incorrectly sent after cross-domain redirect, (CVE-2024-45336). crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, (CVE-2024-45341).

References

- https://bugs.mageia.org/show_bug.cgi?id=33940

- https://www.openwall.com/lists/oss-security/2025/01/17/1

- https://www.cve.org/CVERecord?id=CVE-2024-45336

- https://www.cve.org/CVERecord?id=CVE-2024-45341

Topics Covered

security advisory update cross-domain golang Mageia sensitive headers URI name constraint

Resolution

SRPMS

- 9/core/golang-1.22.11-1.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 23 Jan 2025

URL: https://advisories.mageia.org/MGASA-2025-0021.html

Type: security

CVE: CVE-2024-45336, CVE-2024-45341

Topics Covered

security advisory update cross-domain golang Mageia sensitive headers URI name constraint

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9: 2025-0021 critical: golang UDP header and URI bypass

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9: 2025-0021 critical: golang UDP header and URI bypass

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!