Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:9142

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
aardvark-dnsx86_642.module+el8.10.0+2001+6a33db9faardvark-dns-1.10.1-2.module+el8.10.0+2001+6a33db9f.x86_64.rpm
aardvark-dnsx86_642.module+el8.10.0+1948+4b5cd4a9aardvark-dns-1.10.1-2.module+el8.10.0+1948+4b5cd4a9.x86_64.rpm
aardvark-dnsx86_642.module+el8.10.0+1896+b18fa106aardvark-dns-1.10.1-2.module+el8.10.0+1896+b18fa106.x86_64.rpm
aardvark-dnsx86_642.module+el8.10.0+1880+8e896d1baardvark-dns-1.10.1-2.module+el8.10.0+1880+8e896d1b.x86_64.rpm
aardvark-dnsx86_642.module+el8.10.0+1874+ce489889aardvark-dns-1.10.1-2.module+el8.10.0+1874+ce489889.x86_64.rpm
buildahx86_642.module+el8.10.0+2001+6a33db9fbuildah-1.33.12-2.module+el8.10.0+2001+6a33db9f.x86_64.rpm
buildah-testsx86_642.module+el8.10.0+2001+6a33db9fbuildah-tests-1.33.12-2.module+el8.10.0+2001+6a33db9f.x86_64.rpm
cockpit-podmannoarch1.module+el8.10.0+1872+2e18eb19cockpit-podman-84.1-1.module+el8.10.0+1872+2e18eb19.noarch.rpm
cockpit-podmannoarch1.module+el8.10.0+1843+6892ab28cockpit-podman-84.1-1.module+el8.10.0+1843+6892ab28.noarch.rpm
cockpit-podmannoarch1.module+el8.10.0+1825+623b0c20cockpit-podman-84.1-1.module+el8.10.0+1825+623b0c20.noarch.rpm

Показывать по

Связанные CVE

CVE-2025-22871

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-22871

CVSS3: 9.1
ubuntu
8 месяцев назад

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

redhat логотип

CVE-2025-22871

CVSS3: 5.4
redhat
8 месяцев назад

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

nvd логотип

CVE-2025-22871

CVSS3: 9.1
nvd
8 месяцев назад

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

msrc логотип

CVE-2025-22871

CVSS3: 8.2
msrc
8 месяцев назад

Request smuggling due to acceptance of invalid chunked data in net/http

debian логотип

CVE-2025-22871

CVSS3: 9.1
debian
8 месяцев назад

The net/http package improperly accepts a bare LF as a line terminator ...