エラータID: AXSA:2023-5654:01

Release date: 
Tuesday, May 30, 2023 - 07:24
Affected Channels: 
MIRACLE LINUX 9 for x86_64

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.

Security Fix(es):

* golang: net/[http:](http:) handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/[http:](http:) An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.


Update packages.

Additional Info: 



  1. toolbox-
    MD5: e1afaeacff4d21bb995add269b62de6e
    SHA-256: 19dcd2a4aebaa690ec23f3410851e49ff1ced7d07adf59adf1d46473b43b2f82
    Size: 2.21 MB

Asianux Server 9 for x86_64
  1. toolbox-
    MD5: 0f327b6db4eeaadd859dd9a4b43dc31c
    SHA-256: 20adc405d4b3f786a7ff082e3f5b3a29f85f6a3f9205eea4104167f3ec094bf4
    Size: 2.35 MB
  2. toolbox-tests-
    MD5: 450b0a9ce776ac58d5660b7b28d06083
    SHA-256: 5000e04edbdaec0295c55ecd886cc2a4530cc80c25c58fe92d906f4a73b40e2c
    Size: 35.49 kB