gvisor-tap-vsock-0.7.3-3.el9_4.ML.1

エラータID: AXSA:2024-8444:02

Release date: 
Sunday, June 23, 2024 - 18:32
Subject: 
gvisor-tap-vsock-0.7.3-3.el9_4.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

* golang: net/[http:](http:) memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

CVE-2023-45290
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gvisor-tap-vsock-0.7.3-3.el9_4.ML.1.src.rpm
    MD5: 1d1ebea92d87a4239becab814a635c1f
    SHA-256: 8b67e42c02c5f326b80b650ff34667bd9429f189354fb7fac424e2c41c168c96
    Size: 9.75 MB

Asianux Server 9 for x86_64
  1. gvisor-tap-vsock-0.7.3-3.el9_4.ML.1.x86_64.rpm
    MD5: 52229048e03bedb9518d7b811153c6e6
    SHA-256: 5ef89a1725846eb694ea71884572c5e66a21001f04be43faaee3c80cd1180d84
    Size: 5.23 MB