Описание
ELSA-2024-12191: container-tools:4.0 security update (MODERATE)
buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman [2:4.0.2-26]
- rebuild with golang 1.20.12 for CVE-2023-39326
python-podman runc [1:1.1.12-1.0.1]
- rebuild with golang 1.20.12 for CVE-2023-39326
skopeo slirp4netns udica
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module container-tools:4.0 is enabled
aardvark-dns
1.0.1-38.0.1.module+el8.9.0+90165+ead7974e
buildah
1.24.6-7.module+el8.9.0+90165+ead7974e
buildah-tests
1.24.6-7.module+el8.9.0+90165+ead7974e
cockpit-podman
46-1.module+el8.9.0+90165+ead7974e
conmon
2.1.4-2.module+el8.9.0+90165+ead7974e
container-selinux
2.205.0-3.module+el8.9.0+90165+ead7974e
containernetworking-plugins
1.1.1-6.module+el8.9.0+90165+ead7974e
containers-common
1-38.0.1.module+el8.9.0+90165+ead7974e
crit
3.15-3.module+el8.9.0+90165+ead7974e
criu
3.15-3.module+el8.9.0+90165+ead7974e
criu-devel
3.15-3.module+el8.9.0+90165+ead7974e
criu-libs
3.15-3.module+el8.9.0+90165+ead7974e
crun
1.8.7-1.module+el8.9.0+90165+ead7974e
fuse-overlayfs
1.9-2.module+el8.9.0+90165+ead7974e
libslirp
4.4.0-1.module+el8.9.0+90165+ead7974e
libslirp-devel
4.4.0-1.module+el8.9.0+90165+ead7974e
netavark
1.0.1-38.0.1.module+el8.9.0+90165+ead7974e
oci-seccomp-bpf-hook
1.2.5-2.module+el8.9.0+90165+ead7974e
podman
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-catatonit
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-docker
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-gvproxy
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-plugins
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-remote
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-tests
4.0.2-26.module+el8.9.0+90165+ead7974e
python3-criu
3.15-3.module+el8.9.0+90165+ead7974e
python3-podman
4.0.0-2.module+el8.9.0+90165+ead7974e
runc
1.1.12-1.0.1.module+el8.9.0+90165+ead7974e
skopeo
1.6.2-9.module+el8.9.0+90165+ead7974e
skopeo-tests
1.6.2-9.module+el8.9.0+90165+ead7974e
slirp4netns
1.1.8-3.module+el8.9.0+90165+ead7974e
udica
0.2.6-4.module+el8.9.0+90165+ead7974e
Oracle Linux x86_64
Module container-tools:4.0 is enabled
aardvark-dns
1.0.1-38.0.1.module+el8.9.0+90165+ead7974e
buildah
1.24.6-7.module+el8.9.0+90165+ead7974e
buildah-tests
1.24.6-7.module+el8.9.0+90165+ead7974e
cockpit-podman
46-1.module+el8.9.0+90165+ead7974e
conmon
2.1.4-2.module+el8.9.0+90165+ead7974e
container-selinux
2.205.0-3.module+el8.9.0+90165+ead7974e
containernetworking-plugins
1.1.1-6.module+el8.9.0+90165+ead7974e
containers-common
1-38.0.1.module+el8.9.0+90165+ead7974e
crit
3.15-3.module+el8.9.0+90165+ead7974e
criu
3.15-3.module+el8.9.0+90165+ead7974e
criu-devel
3.15-3.module+el8.9.0+90165+ead7974e
criu-libs
3.15-3.module+el8.9.0+90165+ead7974e
crun
1.8.7-1.module+el8.9.0+90165+ead7974e
fuse-overlayfs
1.9-2.module+el8.9.0+90165+ead7974e
libslirp
4.4.0-1.module+el8.9.0+90165+ead7974e
libslirp-devel
4.4.0-1.module+el8.9.0+90165+ead7974e
netavark
1.0.1-38.0.1.module+el8.9.0+90165+ead7974e
oci-seccomp-bpf-hook
1.2.5-2.module+el8.9.0+90165+ead7974e
podman
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-catatonit
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-docker
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-gvproxy
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-plugins
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-remote
4.0.2-26.module+el8.9.0+90165+ead7974e
podman-tests
4.0.2-26.module+el8.9.0+90165+ead7974e
python3-criu
3.15-3.module+el8.9.0+90165+ead7974e
python3-podman
4.0.0-2.module+el8.9.0+90165+ead7974e
runc
1.1.12-1.0.1.module+el8.9.0+90165+ead7974e
skopeo
1.6.2-9.module+el8.9.0+90165+ead7974e
skopeo-tests
1.6.2-9.module+el8.9.0+90165+ead7974e
slirp4netns
1.1.8-3.module+el8.9.0+90165+ead7974e
udica
0.2.6-4.module+el8.9.0+90165+ead7974e
Связанные CVE
Связанные уязвимости
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
A malicious HTTP sender can use chunk extensions to cause a receiver r ...
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.