Description
ELSA-2024-12190: conmon security update (IMPORTANT)
conmon [2.1.3-8]
- address CVE-2023-39326
cri-o [1.25.5-1]
- Added Oracle Specific Files for cri-o
cri-tools [1.25.0-3]
- Resolve CVE-2023-39326
flannel-cni-plugin [1.0.1-4]
- Resolve CVE-2023-39326
helm [3.11.1-3]
- address CVE-2023-39326
istio [1.16.7-3]
- Updated Golang to 1.20.12 to address CVE-2023-39326
kata [1.12.1-17]
- Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview)
kata-agent [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE-2023-39326
kata-image [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE-2023-39326
kata-ksm-throttler [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE-2023-39326
kata-proxy [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE-2023-39326
kata-runtime [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE-2023-39326
kata-shim [1.12.1-11]
- Rebuild with -11 tag
[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE-2023-39326
kubernetes [1.25.15-2]
- Address CVE-2023-39326 by upgrading golang to 1.20.12
kubernetes-cni [1.0.1-4]
- address CVE-2023-39326
kubernetes-cni-plugins [1.0.1-5]
- address CVE-2023-39326
olcne [1.6.6-3]
- Fixed pod-network:calico update
yq [4.34.1-4]
- Update Golang to 1.20.12 to address CVE-2023-39326
Updated packages
Oracle Linux 8
Oracle Linux aarch64
conmon 2.1.3-8.el8
kata 1.12.1-17.el8
kata-agent 1.12.1-11.el8
kata-image 1.12.1-11.11.ol8_202312212317
kata-ksm-throttler 1.12.1-11.el8
kata-proxy 1.12.1-11.el8
kata-runtime 1.12.1-11.el8
kata-shim 1.12.1-11.el8
yq 4.34.1-4.el8
Oracle Linux x86_64
conmon 2.1.3-8.el8
cri-o 1.25.5-1.el8
cri-tools 1.25.0-3.el8
flannel-cni-plugin 1.0.1-4.el8
helm 3.11.1-3.el8
istio 1.16.7-3.el8
istio-istioctl 1.16.7-3.el8
kata 1.12.1-17.el8
kata-agent 1.12.1-11.el8
kata-image 1.12.1-11.11.ol8_202312212317
kata-ksm-throttler 1.12.1-11.el8
kata-proxy 1.12.1-11.el8
kata-runtime 1.12.1-11.el8
kata-shim 1.12.1-11.el8
kubeadm 1.25.15-2.el8
kubectl 1.25.15-2.el8
kubelet 1.25.15-2.el8
kubernetes-cni 1.0.1-4.el8
kubernetes-cni-plugins 1.0.1-5.el8
olcne-agent 1.6.6-3.el8
olcne-api-server 1.6.6-3.el8
olcne-calico-chart 1.6.6-3.el8
olcne-gluster-chart 1.6.6-3.el8
olcne-grafana-chart 1.6.6-3.el8
olcne-istio-chart 1.6.6-3.el8
olcne-metallb-chart 1.6.6-3.el8
olcne-multus-chart 1.6.6-3.el8
olcne-nginx 1.6.6-3.el8
olcne-oci-ccm-chart 1.6.6-3.el8
olcne-olm-chart 1.6.6-3.el8
olcne-prometheus-chart 1.6.6-3.el8
olcne-utils 1.6.6-3.el8
olcnectl 1.6.6-3.el8
yq 4.34.1-4.el8
Related CVEs
Related vulnerabilities
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
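The ratio check described above can be illustrated with a small stand-alone chunked-body reader. This is an added example, not code from Go's net/http or from this advisory; the names `ReadChunked` and `ErrTooMuchFraming`, the 16-byte per-chunk allowance, the 16 KiB budget, the 64 KiB chunk cap and the sample input are all assumptions made for the sketch.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strconv"
	"strings"
)

const perChunkAllowance, maxExcess = 16, 16 << 10 // assumed budget for this sketch

var ErrTooMuchFraming = errors.New("chunked body: too much non-data")

// ReadChunked decodes a chunked body; extension bytes are charged to a budget.
func ReadChunked(r io.Reader) ([]byte, error) {
	br := bufio.NewReader(r) // default 4096-byte buffer caps one chunk line
	var body []byte
	excess := 0
	for {
		line, err := br.ReadSlice('\n') // bufio.ErrBufferFull if the line is too long
		if err != nil {
			return body, err
		}
		size, _, _ := bytes.Cut(bytes.TrimRight(line, "\r\n"), []byte(";"))
		n, err := strconv.ParseUint(string(bytes.TrimSpace(size)), 16, 16) // chunks capped at 64 KiB here
		if err != nil || n == 0 {
			return body, err // n == 0 is the last chunk; trailers are out of scope
		}
		// Framing is charged; the allowance and twice the data size are credited.
		if excess += len(line) - perChunkAllowance - 2*int(n); excess < 0 {
			excess = 0
		} else if excess > maxExcess {
			return body, ErrTooMuchFraming
		}
		chunk := make([]byte, n+2) // data plus trailing CRLF
		if _, err := io.ReadFull(br, chunk); err != nil {
			return body, err
		}
		body = append(body, chunk[:n]...)
	}
}

func main() {
	// Constructed input: every data byte carries a 1000-byte chunk extension.
	in := strings.Repeat("1;"+strings.Repeat("x", 1000)+"\r\na\r\n", 100) + "0\r\n\r\n"
	body, err := ReadChunked(strings.NewReader(in))
	fmt.Printf("wire=%d body=%d err=%v\n", len(in), len(body), err)
}
```

Clamping the counter at zero keeps a sender from banking credit with large data chunks and spending it later on padding.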