Описание
Moderate: container-tools:4.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
- golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- could not find symbol
criu_set_lsm_mount_contextinlibcriu.so(BZ#2242871)
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 2222167
- Red Hat - 2242871
Связанные уязвимости
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
The HTTP/1 client does not fully validate the contents of the Host hea ...