conmon-2.1.7-1.el9

エラータID: AXSA:2023-5520:02

Release date: 
Thursday, May 25, 2023 - 01:53
Subject: 
conmon-2.1.7-1.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Conmon is an OCI container runtime monitor.

Security Fix(es):

* golang: net/[http:](http:) excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Solution: 

Update packages.

CVEs: 
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Additional Info: 

N/A

Download: 

SRPMS
  1. conmon-2.1.7-1.el9.src.rpm
    MD5: f33bc77ac90736b522715b9325b8ff66
    SHA-256: 1b1eaeeda05ec306dfa92f043b8d5a0d571a7e1405e2d6961b0a7b04ae52fcee
    Size: 167.61 kB

Asianux Server 9 for x86_64
  1. conmon-2.1.7-1.el9.x86_64.rpm
    MD5: bfd5de2357218dbdfacf566a631db39b
    SHA-256: ff3af81b42e30c9e1af7eab9a978b3a12fc9432c070e70c28a025320e74295e0
    Size: 51.25 kB