Описание
ELSA-2024-2272: containernetworking-plugins security update (MODERATE)
[1:1.4.0-2]
- rebuild
- Related: RHEL-18372
[1:1.4.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0
- Related: RHEL-2112
[1:1.3.0-5]
- fix path to dhcp service
- Resolves: #RHEL-3140
[1:1.3.0-4]
- add Epoch in Provides
- Related: #2176063
[1:1.3.0-3]
- remove no_openssl for FIPS compliance
- Related: #2176063
[1:1.3.0-2]
- rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400
- Resolves: #2179960
- Resolves: #2187333
- Resolves: #2187376
- Resolves: #2203705
- Resolves: #2207519
[1:1.3.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.3.0
- Related: #2176063
[1:1.2.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0
- Related: #2124478
[1:1.1.1-3]
- Re-enable LTO and debuginfo
- Related: #2061316
[1:1.1.1-2]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061316
[1:1.1.1-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.1.1
- Related: #2061316
[1:1.1.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.1.0
- Related: #2061316
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
containernetworking-plugins
1.4.0-2.el9_4
Oracle Linux x86_64
containernetworking-plugins
1.4.0-2.el9_4
Связанные CVE
Связанные уязвимости
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...