惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Security Affairs
美团技术团队
量子位
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
小众软件
小众软件
Microsoft Azure Blog
Microsoft Azure Blog
Apple Machine Learning Research
Apple Machine Learning Research
MongoDB | Blog
MongoDB | Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 叶小钗
N
Netflix TechBlog - Medium
大猫的无限游戏
大猫的无限游戏
J
Java Code Geeks
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cyber Attacks, Cyber Crime and Cyber Security
Recent Announcements
Recent Announcements
Cisco Talos Blog
Cisco Talos Blog
L
LangChain Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 三生石上(FineUI控件)
U
Unit 42
T
Tenable Blog
Security Latest
Security Latest
Scott Helme
Scott Helme
B
Blog
C
Cybersecurity and Infrastructure Security Agency CISA
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
A
Arctic Wolf
S
Schneier on Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
酷 壳 – CoolShell
酷 壳 – CoolShell
I
Intezer
Know Your Adversary
Know Your Adversary
云风的 BLOG
云风的 BLOG
有赞技术团队
有赞技术团队
雷峰网
雷峰网
The Cloudflare Blog
Cloudbric
Cloudbric
Latest news
Latest news
Project Zero
Project Zero
S
Secure Thoughts
V
Visual Studio Blog
博客园 - Franky
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
W
WeLiveSecurity

Arch Linux Security Advisories

[ASA-202506-6] python-django: content spoofing - Arch Linux [ASA-202506-5] konsole: arbitrary code execution [ASA-202506-3] samba: access restriction bypass [ASA-202506-2] curl: denial of service [ASA-202506-1] roundcubemail: arbitrary code execution [ASA-202505-15] ghostscript: information disclosure - Arch Linux [ASA-202505-14] bind: denial of service [ASA-202505-13] varnish: content spoofing - Arch Linux [ASA-202505-12] go: directory traversal - Arch Linux [ASA-202505-11] freetype2: arbitrary code execution [ASA-202505-10] python-django: denial of service [ASA-202505-9] dropbear: arbitrary command execution [ASA-202505-8] nodejs-lts-iron: multiple issues - Arch Linux [ASA-202505-7] nodejs-lts-jod: denial of service
[ASA-202506-4] go: multiple issues - Arch Linux
Arch Linux S · 2025-06-07 · via Arch Linux Security Advisories

ASA-202506-4 log generated external raw

[ASA-202506-4] go: multiple issues

Arch Linux Security Advisory ASA-202506-4 ========================================= Severity: Medium Date : 2025-06-07 CVE-ID : CVE-2025-4673 CVE-2025-22874 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2896 Summary ======= The package go before version 1.24.4-1 is vulnerable to multiple issues including certificate verification bypass and information disclosure. Resolution ========== Upgrade to 1.24.4-1. # pacman -Syu "go>=1.24.4-1" The problems have been fixed upstream in version 1.24.4. Workaround ========== None. Description =========== - CVE-2025-4673 (information disclosure) net/http: Proxy-Authorization and Proxy-Authenticate headers were not cleared during cross-origin redirects, potentially leaking sensitive credentials in proxy-authenticated environments. - CVE-2025-22874 (certificate verification bypass) crypto/x509: When VerifyOptions.KeyUsages includes ExtKeyUsageAny, certificate policy validation is unintentionally disabled. This affects certificate chains with policy constraints, which are uncommon but security-relevant when used. Impact ====== A remote attacker can exploit Go's HTTP client to leak proxy credentials via cross-origin redirects, or bypass certificate policy validation when ExtKeyUsageAny is used during TLS verification. References ========== https://github.com/golang/go/issues/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A/m/XDxq7uidAgAJ https://go.dev/doc/devel/release#go1.24.4 https://github.com/golang/go/issues/73612 https://security.archlinux.org/CVE-2025-4673 https://security.archlinux.org/CVE-2025-22874