podman-4.9.4-5.el9_4
Errata ID: AXSA:2024-8550:06
Release date:
Wednesday, July 10, 2024 - 14:45
Subject:
podman-4.9.4-5.el9_4
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The podman tool manages pods, container images, and containers. It is part of
the libpod library, which is for applications that use container pods. Container
pods are a concept in Kubernetes.
Security Fix(es):
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA
payloads (CVE-2024-1394)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2024-1394
Solution:
Update packages.
CVEs:
CVE-2024-1394
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
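The failure mode described above, reduced to a stand-alone Go program (an added example, not code from golang-fips/openssl or from this advisory). The names `handle`, `alloc`, `free`, `leakySetup`, `fixedSetup` and `leakedAfter` are hypothetical, the `live` counter stands in for native OpenSSL allocations, and `fixedSetup` shows one possible correction, not the upstream patch.

```go
package main

import "fmt"

// live models native (C-side) handles, which Go's garbage collector never reclaims.
var live int

type handle struct{}

func alloc() *handle { live++; return &handle{} }
func free(h *handle) { live-- }

// leakySetup: "return nil, nil, err" assigns nil to the named results before
// the deferred function runs, so the cleanup sees nil and frees nothing.
func leakySetup(fail bool) (pkey, ctx *handle, err error) {
	defer func() {
		if err != nil && pkey != nil {
			free(pkey)
			free(ctx)
		}
	}()
	pkey, ctx = alloc(), alloc()
	if fail {
		return nil, nil, fmt.Errorf("context setup failed")
	}
	return pkey, ctx, nil
}

// fixedSetup frees through locals that the return statement cannot overwrite.
func fixedSetup(fail bool) (*handle, *handle, error) {
	pkey, ctx := alloc(), alloc()
	if fail {
		free(ctx)
		free(pkey)
		return nil, nil, fmt.Errorf("context setup failed")
	}
	return pkey, ctx, nil
}

// leakedAfter calls setup n times on the error path and reports live handles.
func leakedAfter(setup func(bool) (*handle, *handle, error), n int) int {
	for live = 0; n > 0; n-- {
		setup(true)
	}
	return live
}

func main() {
	fmt.Println("leaky:", leakedAfter(leakySetup, 1000), "fixed:", leakedAfter(fixedSetup, 1000))
}
```

Each failing call to `leakySetup` leaves two handles allocated, which is why repeated error-path requests with attacker-controlled input translate into steady memory growth.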
Additional Info:
N/A
Download:
SRPMS
- podman-4.9.4-5.el9_4.src.rpm
MD5: a45481ffe3fc2eb6c354ff168e9f757d
SHA-256: 9bd3f0137ebfad29f8b72939ab33ed15d5074f35ab5e6b286a99d740e175e774
Size: 22.75 MB
Asianux Server 9 for x86_64
- podman-4.9.4-5.el9_4.x86_64.rpm
MD5: bacb79ce717a299a8e1830a8eb11eac6
SHA-256: 373923d3850ee300afdd4297af96cbe44979499f1061d168caa32766caf61da4
Size: 15.58 MB
- podman-docker-4.9.4-5.el9_4.noarch.rpm
MD5: 97bde76c9075bdc5d6e8d496f2812884
SHA-256: 4982bc8ca661406760395dc54abf293a0fed5f53563a6e31f62ce946cdc08661
Size: 105.61 kB
- podman-plugins-4.9.4-5.el9_4.x86_64.rpm
MD5: 0383ca2a7328b576f1b14c99bb646133
SHA-256: 61a255bbd7f103e0199aced0261f6b8592283601c6226439c1147485d8d93a0a
Size: 1.28 MB
- podman-remote-4.9.4-5.el9_4.x86_64.rpm
MD5: b2fd569fc878c0f25e23cd528fe1b576
SHA-256: f25597b94aa4a4bd42bd51823d424f3867d5344d291d535664c663e9b2d88d58
Size: 10.22 MB
- podman-tests-4.9.4-5.el9_4.x86_64.rpm
MD5: f3e2448c5798e955980822182fb28989
SHA-256: 92f55ea2f4bf04bc6a0b9e75eb2daca2f0d4c2bc1aabe9f65ed6a7afd03fcdf9
Size: 209.23 kB