Red Hat Security Advisory: container-tools:rhel8 security update
🔗 CVE IDs covered (9)
📋 Description
- CVE-2023-45290 — golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
- CVE-2024-1394 — golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
- CVE-2024-3727 — containers/image: digest type does not guarantee valid type
- CVE-2024-6104 — go-retryablehttp: url might write sensitive information to log file
- CVE-2024-24783 — golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
- CVE-2024-24784 — golang: net/mail: comments in display names are incorrectly handled
- CVE-2024-24789 — golang: archive/zip: Incorrect handling of certain ZIP files
- CVE-2024-37298 — gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization
- CVE-2024-37891 — urllib3: proxy-authorization request header is not stripped during cross-origin redirects
🔗 References (13)
- self: https://access.redhat.com/errata/RHSA-2024:5258
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2262921
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268017
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268019
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268021
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2274767
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2292668
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2294000
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2295010
- external: https://issues.redhat.com/browse/RHEL-40800
- external: https://issues.redhat.com/browse/RHEL-40801
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5258.json