Описание
Moderate: toolbox security update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.
Security Fix(es):
-
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
-
golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
-
golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
-
net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 9
Ссылки на источники
Исправления
- Red Hat - 2268017
- Red Hat - 2268022
- Red Hat - 2279814
- Red Hat - 2295310
