ELSA-2023-2367: containernetworking-plugins security and bug fix update (MODERATE)

ELSA-2023-2283: skopeo security and bug fix update (MODERATE)

ELSA-2023-2282: podman security and bug fix update (MODERATE)

ELSA-2023-2253: buildah security and bug fix update (MODERATE)

Множественные уязвимости skopeo

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

ELSA-2023-2758: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Session tickets lack random ticket_age_add in crypto/tls

Non-random values for ticket_age_add in session tickets in crypto/tls ...

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

An attacker can cause excessive memory growth in a Go server accepting ...

Security update for go1.18-openssl

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Уязвимость функции ticket_age_add языка программирования Go, позволяющая нарушителю получить несанкционированный доступ к идентификаторам сеанса