butane-0.16.0-1.el9
エラータID: AXSA:2023-5817:02
Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition.
The following packages have been upgraded to a later upstream version: butane (0.16.0).
Security Fix(es):
* golang: net/[http:](http:) handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
CVE-2022-32189
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
Update packages.
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
N/A
SRPMS
- butane-0.16.0-1.el9.src.rpm
MD5: 6d88d5b5f6e05bcf74ee665e7cf90498
SHA-256: 503b166719a084904033a4653060993780a39fb753b0824ba65dd6f5e2f9bac1
Size: 485.99 kB
Asianux Server 9 for x86_64
- butane-0.16.0-1.el9.x86_64.rpm
MD5: af5979661594640628c5b6880a88053f
SHA-256: 4bfae7238530782fe046dd4840a79b57279e0c0a1a908d03ef24480eca8e057f
Size: 2.20 MB