RHSA-2024:2988 -- Redhat aardvark-dns, buildah, cockpit-podman, conmon, container-selinux, containernetworking-plugins, containers-common, criu, crun, fuse-overlayfs, libslirp, netavark, oci-seccomp-bpf-hook, podman, python-podman, runc, skopeo, slirp4netns, toolbox, udica, python3-podman, crit, python3-criuID: oval:org.secpod.oval:def:509393 | Date: (C)2024-06-05 (M)2024-06-24 |
Class: PATCH | Family: unix |
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents golang: crypto/tls: certificate of wrong type is causing TLS client to panic golang: archive/tar: unbounded memory consumption when reading headers golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters golang: regexp/syntax: limit memory used by parsing regexps golang: crypto/tls: slow verification of certificate chains containing large RSA keys golang: html/template: improper handling of HTML-like comments within script contexts golang: html/template: improper handling of special tags within script contexts golang: crypto/tls: panic when processing post-handshake message on QUIC connections golang: crypto/tls: lack of a limit on buffered post-handshake golang: net/http/internal: Denial of Service via Resource Consumption via HTTP requests golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. urllib3: Request body not stripped after redirect from 303 status changes request method to GET ssh: Prefix truncation attack on Binary Packet Protocol moby/buildkit: Possible race condition with accessing subpaths from cache mounts For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
aardvark-dns |
buildah |
cockpit-podman |
conmon |
container-selinux |
containernetworking-plugins |
containers-common |
criu |
crun |
fuse-overlayfs |
libslirp |
netavark |
oci-seccomp-bpf-hook |
podman |
python-podman |
runc |
skopeo |
slirp4netns |
toolbox |
udica |
python3-podman |
crit |
python3-criu |