OVAL

RHSA-2023:6939 -- Redhat aardvark-dns, buildah, cockpit-podman, conmon, container-selinux, containernetworking-plugins, containers-common, criu, crun, fuse-overlayfs, libslirp, netavark, oci-seccomp-bpf-hook, podman, python-podman, runc, skopeo, slirp4netns, toolbox, udica, crit, python3-criu, python3-podman

ID: oval:org.secpod.oval:def:508170
Date: (C)2024-01-04   (M)2024-06-24
Class: PATCH
Family: unix




The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix:
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
golang: html/template: improper handling of JavaScript whitespace
net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
golang: crypto/tls: large handshake records may cause panics
golang: net/http, mime/multipart: denial of service from excessive resource consumption
golang.org/x/net/html: Cross site scripting
golang: net/http, net/textproto: denial of service from excessive memory allocation
golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
golang: go/parser: Infinite loop in parsing
golang: html/template: backticks not treated as string delimiters
golang: html/template: improper sanitization of CSS values
containerd: Supplementary groups are not set up properly
runc: Rootless runc makes `/sys/fs/cgroup` writable
runc: volume mount race condition
runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration
golang: html/template: improper handling of empty HTML attributes
golang: net/http: insufficient sanitization of Host header

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

Platform:
Red Hat Enterprise Linux 8
Product:
aardvark-dns
buildah
cockpit-podman
conmon
container-selinux
containernetworking-plugins
containers-common
criu
crun
fuse-overlayfs
libslirp
netavark
oci-seccomp-bpf-hook
podman
python-podman
runc
skopeo
slirp4netns
toolbox
udica
crit
python3-criu
python3-podman
Reference:
RHSA-2023:6939
CVE-2022-3064
CVE-2023-24540
CVE-2022-41723
CVE-2022-41724
CVE-2022-41725
CVE-2023-3978
CVE-2023-24534
CVE-2023-24536
CVE-2023-24537
CVE-2023-24538
CVE-2023-24539
CVE-2023-25173
CVE-2023-25809
CVE-2019-19921
CVE-2023-27561
CVE-2023-28642
CVE-2023-29400
CVE-2023-29406

© SecPod Technologies