Advisories » MGASA-2025-0021

Updated golang packages fix security vulnerabilities

Publication date: 23 Jan 2025
Modification date: 23 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45336 , CVE-2024-45341

Description

net/http: sensitive headers incorrectly sent after cross-domain
redirect, (CVE-2024-45336).
crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints,
(CVE-2024-45341).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33940
• https://www.openwall.com/lists/oss-security/2025/01/17/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341

SRPMS

9/core

• golang-1.22.11-1.mga9