osbuild-composer-118-2.el9.ML.1
エラータID: AXSA:2024-9376:05
Release date:
Friday, December 13, 2024 - 18:14
Subject:
osbuild-composer-118-2.el9.ML.1
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
A service for building customized OS artifacts, such as VM images and OSTree
commits, that uses osbuild under the hood. Besides building images for local
usage, it can also upload images directly to cloud. It is compatible with
composer-cli and cockpit-composer clients.
Security Fix(es):
encoding/gob: golang: Calling Decoder.Decode on a message which contains
deeply nested structures can cause a panic due to stack exhaustion
(CVE-2024-34156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2024-34156
Solution:
Update packages.
CVEs:
CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Additional Info:
N/A
Download:
SRPMS
- osbuild-composer-118-2.el9.ML.1.src.rpm
MD5: 02af5cb57f8488a045ea1f383516b460
SHA-256: 789294ee4a6b6069d2fc541347a846cb384288fdd3acc67233b799ad465c0ea1
Size: 59.18 MB
Asianux Server 9 for x86_64
- osbuild-composer-118-2.el9.ML.1.x86_64.rpm
MD5: c467c56ad24492c5dd2f634745fc6ae6
SHA-256: 2ad7d33ebcac4e69523e9b0938ccaf360d7c48fcca51e20615e78ba6f668412b
Size: 21.74 kB - osbuild-composer-core-118-2.el9.ML.1.x86_64.rpm
MD5: ee1453dbcd808f46af6f7c91519758b4
SHA-256: f2067aef2d56c22ca0ddae968444f72bdd8e3a0c4217060b836bb6ee9299fa1c
Size: 10.39 MB - osbuild-composer-worker-118-2.el9.ML.1.x86_64.rpm
MD5: c6c4e317d800d4cace5a02bb1cf4d962
SHA-256: b7404ce77353cf30cd5493f6713792d32b0597fba3048c04cde4e1a18660d125
Size: 23.09 MB
日本語