gvisor-tap-vsock-0.7.3-3.el9_4.ML.1
エラータID: AXSA:2024-8444:02
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.
Security Fix(es):
* golang: net/[http:](http:) memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
CVE-2023-45290
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
Update packages.
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
N/A
SRPMS
- gvisor-tap-vsock-0.7.3-3.el9_4.ML.1.src.rpm
MD5: 1d1ebea92d87a4239becab814a635c1f
SHA-256: 8b67e42c02c5f326b80b650ff34667bd9429f189354fb7fac424e2c41c168c96
Size: 9.75 MB
Asianux Server 9 for x86_64
- gvisor-tap-vsock-0.7.3-3.el9_4.ML.1.x86_64.rpm
MD5: 52229048e03bedb9518d7b811153c6e6
SHA-256: 5ef89a1725846eb694ea71884572c5e66a21001f04be43faaee3c80cd1180d84
Size: 5.23 MB