Important: osbuild-composer security update

ELSA-2024-7262: osbuild-composer security update (IMPORTANT)

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Calling Decoder.Decode on a message which contains deeply nested struc ...

Important: skopeo security update

Important: grafana-pcp security update

Important: grafana security and bug fix update

Important: grafana-pcp security and bug fix update

Important: grafana-pcp security update

Memory leaks in code encrypting and verifying RSA payloads

ELSA-2024-4762: runc security update (IMPORTANT)

ELSA-2024-4761: containernetworking-plugins security update (IMPORTANT)

ELSA-2024-4502: skopeo security update (IMPORTANT)

ELSA-2024-4379: gvisor-tap-vsock security update (IMPORTANT)

ELSA-2024-4378: podman security update (IMPORTANT)

ELSA-2024-4371: buildah security update (IMPORTANT)