containernetworking-plugins-1.4.0-3.el9_4
エラータID: AXSA:2024-8419:02
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.
Security Fix(es):
* golang: net/[http:](http:) memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
CVE-2023-45290
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
Update packages.
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
N/A
SRPMS
- containernetworking-plugins-1.4.0-3.el9_4.src.rpm
MD5: 608125f14eba12b4dc9f0199eca4b128
SHA-256: 7df77d935fafed2387aeea502ddd84fc53619dd00990b84fe708669c02386e64
Size: 3.62 MB
Asianux Server 9 for x86_64
- containernetworking-plugins-1.4.0-3.el9_4.x86_64.rpm
MD5: c9c5c2e08f4fa904da8e62bd5fb414a4
SHA-256: 3fd0f1a28e20e4041bd5f6c1290c5738ea19f229d4193b3f5f386f563c92d000
Size: 9.31 MB
日本語