惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
Stack Overflow Blog
Stack Overflow Blog
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
T
The Blog of Author Tim Ferriss
博客园 - 叶小钗
N
Netflix TechBlog - Medium
腾讯CDC
C
Check Point Blog
P
Proofpoint News Feed
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
S
SegmentFault 最新的问题
F
Fortinet All Blogs
美团技术团队
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 司徒正美
F
Full Disclosure
Recorded Future
Recorded Future
D
DataBreaches.Net
博客园 - 【当耐特】
Martin Fowler
Martin Fowler
J
Java Code Geeks
I
InfoQ
Y
Y Combinator Blog
A
About on SuperTechFans
AI
AI
爱范儿
爱范儿
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Forbes - Security
Forbes - Security
W
WeLiveSecurity
M
MIT News - Artificial intelligence
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
Schneier on Security
Schneier on Security
The GitHub Blog
The GitHub Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
aimingoo的专栏
aimingoo的专栏
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
Latest news
Latest news
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Docker
Recent Commits to openclaw:main
Recent Commits to openclaw:main
量子位
V2EX - 技术
V2EX - 技术
Project Zero
Project Zero

Arch Linux Security Advisories

[ASA-202506-6] python-django: content spoofing - Arch Linux [ASA-202506-5] konsole: arbitrary code execution [ASA-202506-4] go: multiple issues - Arch Linux [ASA-202506-3] samba: access restriction bypass [ASA-202506-2] curl: denial of service [ASA-202506-1] roundcubemail: arbitrary code execution [ASA-202505-15] ghostscript: information disclosure - Arch Linux [ASA-202505-14] bind: denial of service [ASA-202505-13] varnish: content spoofing - Arch Linux [ASA-202505-11] freetype2: arbitrary code execution [ASA-202505-10] python-django: denial of service [ASA-202505-9] dropbear: arbitrary command execution [ASA-202505-8] nodejs-lts-iron: multiple issues - Arch Linux [ASA-202505-7] nodejs-lts-jod: denial of service
[ASA-202505-12] go: directory traversal - Arch Linux
Arch Linux S · 2025-05-20 · via Arch Linux Security Advisories

ASA-202505-12 log generated external raw

[ASA-202505-12] go: directory traversal

Arch Linux Security Advisory ASA-202505-12 ========================================== Severity: Low Date : 2025-05-19 CVE-ID : CVE-2025-22873 Package : go Type : directory traversal Remote : No Link : https://security.archlinux.org/AVG-2878 Summary ======= The package go before version 2:1.24.3-1 is vulnerable to directory traversal. Resolution ========== Upgrade to 2:1.24.3-1. # pacman -Syu "go>=2:1.24.3-1" The problem has been fixed upstream in version 1.24.3. Workaround ========== None. Description =========== It was possible to improperly access the parent directory of a restricted filesystem root created with os.DirFS. Calling Open("../") on such a filesystem could open the parent directory itself, violating expected directory confinement. This escape did not allow access to ancestor directories beyond the parent, nor to files within the parent directory. This behavior has been corrected to return an error for such paths. Impact ====== A local attacker or untrusted component running within a Go application could bypass directory confinement by accessing the parent directory of a restricted os.DirFS root using a "../" path. References ========== https://github.com/golang/go/issues/73555 https://go.dev/doc/devel/release#go1.24.3 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ?pli=1 https://security.archlinux.org/CVE-2025-22873