Description
Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.
Security Fixes:
- podman: jose-go: improper handling of highly compressed data (CVE-2024-28180)
- podman: golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
- podman: jose: resource exhaustion (CVE-2024-28176)
Affected products
Rocky Linux 9
Related CVEs
Fixes
- Red Hat - 2268017
- Red Hat - 2268820
- Red Hat - 2268854
Related vulnerabilities
ELSA-2024-3827: buildah security and bug fix update (MODERATE)
ELSA-2024-3826: podman security and bug fix update (MODERATE)
ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.