SUSE-SU-2023:2154-1

Опубликовано: 09 мая 2023

Источник: suse-cvrf

Описание

Security update for distribution

This update for distribution fixes the following issues:

CVE-2023-2253: Fixed possible DoS via a crafted malicious /v2/_catalog API endpoint request (bsc#1207705).

Список пакетов

Container suse/registry:latest

distribution-registry-2.8.1-150400.9.18.1

SUSE Linux Enterprise Module for Containers 15 SP4

distribution-registry-2.8.1-150400.9.18.1

openSUSE Leap 15.4

distribution-registry-2.8.1-150400.9.18.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232154-1/
Link for SUSE-SU-2023:2154-1
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014826.html
E-Mail link for SUSE-SU-2023:2154-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207705
SUSE Bug 1207705
https://www.suse.com/security/cve/CVE-2023-2253/
SUSE CVE CVE-2023-2253 page

Описание

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

Затронутые продукты

Container suse/registry:latest:distribution-registry-2.8.1-150400.9.18.1

SUSE Linux Enterprise Module for Containers 15 SP4:distribution-registry-2.8.1-150400.9.18.1

openSUSE Leap 15.4:distribution-registry-2.8.1-150400.9.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-2253.html
CVE-2023-2253
https://bugzilla.suse.com/1207705
SUSE Bug 1207705

SUSE-SU-2023:2154-1

Описание

Список пакетов

Container suse/registry:latest

SUSE Linux Enterprise Module for Containers 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-2253

Описание

Затронутые продукты

Ссылки