Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:0458-1

Опубликовано: 12 фев. 2025
Источник: suse-cvrf

Описание

Security update for podman

This update for podman fixes the following issues:

  • CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. (bsc#1227052)
  • CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507)

Список пакетов

Container suse/sle-micro/5.5:latest
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Server-5-0
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Server-5-0-BYOS
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Micro-5-5-BYOS
podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Micro-5-5-BYOS-Azure
podman-4.9.5-150500.3.34.2
SUSE Linux Enterprise Micro 5.5
podman-4.9.5-150500.3.34.2
podman-docker-4.9.5-150500.3.34.2
podman-remote-4.9.5-150500.3.34.2
podmansh-4.9.5-150500.3.34.2
SUSE Linux Enterprise Module for Containers 15 SP6
podman-4.9.5-150500.3.34.2
podman-docker-4.9.5-150500.3.34.2
podman-remote-4.9.5-150500.3.34.2
podmansh-4.9.5-150500.3.34.2
openSUSE Leap 15.6
podman-4.9.5-150500.3.34.2
podman-docker-4.9.5-150500.3.34.2
podman-remote-4.9.5-150500.3.34.2
podmansh-4.9.5-150500.3.34.2

Ссылки

Описание

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

Затронутые продукты
Container suse/sle-micro/5.5:latest:podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure:podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS:podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Server-5-0-Azure-llc:podman-4.9.5-150500.3.34.2
Ссылки

Описание

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

Затронутые продукты
Container suse/sle-micro/5.5:latest:podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure:podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS:podman-4.9.5-150500.3.34.2
Image SLES15-SP5-Manager-Server-5-0-Azure-llc:podman-4.9.5-150500.3.34.2
Ссылки
Уязвимость SUSE-SU-2025:0458-1