Red Hat Bug Fix Advisory: MTV 2.4.3 Images

CVE-2022-32190 — golang: net/url: JoinPath does not strip relative path components in all circumstances CVE-2022-41723 — golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding CVE-2022-41724 — golang: crypto/tls: large handshake records may cause panics CVE-2022-41725 — golang: net/http, mime/multipart: denial of service from excessive resource consumption CVE-2023-3978 — golang.org/x/net/html: Cross site scripting CVE-2023-24534 — golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24536 — golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption CVE-2023-24537 — golang: go/parser: Infinite loop in parsing CVE-2023-24538 — golang: html/template: backticks not treated as string delimiters CVE-2023-24539 — golang: html/template: improper sanitization of CSS values CVE-2023-29400 — golang: html/template: improper handling of empty HTML attributes CVE-2023-29409 — golang: crypto/tls: slow verification of certificate chains containing large RSA keys CVE-2023-39325 — golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)