Red Hat Security Advisory: container-tools:4.0 security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2022-2879 — golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers CVE-2022-2880 — golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-27664 — golang: net/http: handle server errors after sending GOAWAY CVE-2022-41715 — golang: regexp/syntax: limit memory used by parsing regexps CVE-2023-29409 — golang: crypto/tls: slow verification of certificate chains containing large RSA keys CVE-2023-39318 — golang: html/template: improper handling of HTML-like comments within script contexts CVE-2023-39319 — golang: html/template: improper handling of special tags within script contexts CVE-2023-39321 — golang: crypto/tls: panic when processing post-handshake message on QUIC connections CVE-2023-39322 — golang: crypto/tls: lack of a limit on buffered post-handshake
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2024:0121
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2124669
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2132867
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2132868
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2132872
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2228743
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237773
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237776
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237777
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237778
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0121.json