SUSE-SU-2024:2108-1

Опубликовано: 20 июн. 2024

Источник: suse-cvrf

Описание

Security update for containerd

This update for containerd fixes the following issues:

Update to containerd v1.7.17.

CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).

Список пакетов

Image SLES15-SP3-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP3-BYOS-EC2-HVM

containerd-1.7.17-150000.111.3

Image SLES15-SP3-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP3-CHOST-BYOS-Aliyun

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP3-CHOST-BYOS-Azure

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP3-CHOST-BYOS-EC2

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP3-CHOST-BYOS-GCE

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP3-HPC-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP3-HPC-BYOS-EC2-HVM

containerd-1.7.17-150000.111.3

Image SLES15-SP3-HPC-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP3-Micro-5-1-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

containerd-1.7.17-150000.111.3

Image SLES15-SP3-Micro-5-1-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP3-Micro-5-2-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

containerd-1.7.17-150000.111.3

Image SLES15-SP3-Micro-5-2-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP3-SAP-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP3-SAP-BYOS-EC2-HVM

containerd-1.7.17-150000.111.3

Image SLES15-SP3-SAP-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP3-SAPCAL-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP3-SAPCAL-EC2-HVM

containerd-1.7.17-150000.111.3

Image SLES15-SP3-SAPCAL-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-CHOST-BYOS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP4-CHOST-BYOS-Aliyun

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP4-CHOST-BYOS-Azure

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP4-CHOST-BYOS-EC2

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP4-CHOST-BYOS-GCE

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP4-HPC-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-HPC-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-HPC-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-HPC-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-HPC-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-HPC-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Hardened-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Hardened-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Hardened-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Hardened-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Proxy-4-3-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-3

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-3-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-3-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-3-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-3-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-3-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-4

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-4-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-4-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-4-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-4-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-4-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-Micro-5-4-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Hardened

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Hardened-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Hardened-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAP-Hardened-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAPCAL

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAPCAL-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAPCAL-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP4-SAPCAL-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Azure-3P

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Azure-Basic

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Azure-Standard

containerd-1.7.17-150000.111.3

Image SLES15-SP5-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-CHOST-BYOS-Aliyun

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP5-CHOST-BYOS-Azure

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP5-CHOST-BYOS-EC2

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP5-CHOST-BYOS-GCE

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP5-CHOST-BYOS-GDC

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP5-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-HPC-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-HPC-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-HPC-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-HPC-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Hardened-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Hardened-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Hardened-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-Micro-5-5-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-Azure-3P

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-Hardened-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAP-Hardened-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAPCAL-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAPCAL-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP5-SAPCAL-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6

containerd-1.7.17-150000.111.3

Image SLES15-SP6-Azure-Basic

containerd-1.7.17-150000.111.3

Image SLES15-SP6-Azure-Standard

containerd-1.7.17-150000.111.3

Image SLES15-SP6-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP6-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-CHOST-BYOS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP6-CHOST-BYOS-Aliyun

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP6-CHOST-BYOS-Azure

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP6-CHOST-BYOS-EC2

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP6-CHOST-BYOS-GCE

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP6-CHOST-BYOS-GDC

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

Image SLES15-SP6-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-EC2-ECS-HVM

containerd-1.7.17-150000.111.3

Image SLES15-SP6-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-HPC-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-Hardened-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP6-Hardened-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-Hardened-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-Hardened-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened-BYOS

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAP-Hardened-GCE

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAPCAL

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAPCAL-Azure

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAPCAL-EC2

containerd-1.7.17-150000.111.3

Image SLES15-SP6-SAPCAL-GCE

containerd-1.7.17-150000.111.3

SUSE Enterprise Storage 7.1

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

SUSE Linux Enterprise Micro 5.1

containerd-1.7.17-150000.111.3

SUSE Linux Enterprise Micro 5.2

containerd-1.7.17-150000.111.3

SUSE Linux Enterprise Micro 5.3

containerd-1.7.17-150000.111.3

SUSE Linux Enterprise Micro 5.4

containerd-1.7.17-150000.111.3

SUSE Linux Enterprise Micro 5.5

containerd-1.7.17-150000.111.3

SUSE Linux Enterprise Module for Containers 15 SP5

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

SUSE Linux Enterprise Module for Containers 15 SP6

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

SUSE Linux Enterprise Server 15 SP2-LTSS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

SUSE Linux Enterprise Server 15 SP3-LTSS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

SUSE Linux Enterprise Server 15 SP4-LTSS

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

SUSE Linux Enterprise Server for SAP Applications 15 SP2

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

SUSE Linux Enterprise Server for SAP Applications 15 SP3

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

openSUSE Leap 15.5

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

openSUSE Leap 15.6

containerd-1.7.17-150000.111.3

containerd-ctr-1.7.17-150000.111.3

containerd-devel-1.7.17-150000.111.3

openSUSE Leap Micro 5.3

containerd-1.7.17-150000.111.3

openSUSE Leap Micro 5.4

containerd-1.7.17-150000.111.3

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242108-1/
Link for SUSE-SU-2024:2108-1
https://lists.suse.com/pipermail/sle-security-updates/2024-June/018771.html
E-Mail link for SUSE-SU-2024:2108-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1221400
SUSE Bug 1221400
https://bugzilla.suse.com/1224323
SUSE Bug 1224323
https://www.suse.com/security/cve/CVE-2023-45288/
SUSE CVE CVE-2023-45288 page

Описание

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

Затронутые продукты

Image SLES15-SP3-BYOS-Azure:containerd-1.7.17-150000.111.3

Image SLES15-SP3-BYOS-EC2-HVM:containerd-1.7.17-150000.111.3

Image SLES15-SP3-BYOS-GCE:containerd-1.7.17-150000.111.3

Image SLES15-SP3-CHOST-BYOS-Aliyun:containerd-1.7.17-150000.111.3

Ссылки

https://www.suse.com/security/cve/CVE-2023-45288.html
CVE-2023-45288
https://bugzilla.suse.com/1221400
SUSE Bug 1221400