containernetworking-plugins-1.5.1-3.el9_5

エラータID: AXSA:2024-9487:07

Release date: 
Wednesday, December 25, 2024 - 10:28
Subject: 
containernetworking-plugins-1.5.1-3.el9_5
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Solution: 

Update packages.

CVEs: 
CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Additional Info: 

N/A

Download: 

SRPMS
  1. containernetworking-plugins-1.5.1-3.el9_5.src.rpm
    MD5: b819efc07015d8ae3fdac4342febeb60
    SHA-256: ec4b8a489fd5b110a02aed734dd005065e46002cf290732530a3111508f3dd86
    Size: 3.46 MB

Asianux Server 9 for x86_64
  1. containernetworking-plugins-1.5.1-3.el9_5.x86_64.rpm
    MD5: b6c898783dd5c02bb8c3385a6a7603b0
    SHA-256: 1caea80ab995a90d73d1c34da0290f99095ea0ebb4e189a87a8c65688224b7f5
    Size: 9.78 MB