opentelemetry-collector-0.107.0-10.el9_5
Errata ID: AXSA:2025-9839:03
Collector with the supported components for a Cybertrust Japan Co., Ltd. build of OpenTelemetry
Security Fix(es):
* golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
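The allocation pattern described above, next to a bounded alternative, as an added example in Go. It is not code from golang-jwt or from this package; `splitUnbounded`, `splitBounded` and the sample inputs are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"strings"
	"unsafe"
)

// splitUnbounded follows the pattern the advisory describes: strings.Split on
// untrusted input returns one string header per period-separated segment.
func splitUnbounded(token string) []string {
	return strings.Split(token, ".")
}

// splitBounded (hypothetical helper) accepts only header.payload.signature.
// It cuts at the first two periods and rejects any further one, so it never
// builds a slice whose size depends on the input.
func splitBounded(token string) ([3]string, bool) {
	var parts [3]string
	header, rest, ok := strings.Cut(token, ".")
	if !ok {
		return parts, false
	}
	payload, sig, ok := strings.Cut(rest, ".")
	if !ok || strings.Contains(sig, ".") {
		return parts, false
	}
	parts[0], parts[1], parts[2] = header, payload, sig
	return parts, true
}

func main() {
	// Constructed input: the token portion of a header made only of periods.
	flood := strings.Repeat(".", 1<<20)
	segs := splitUnbounded(flood)
	fmt.Printf("strings.Split: %d segments, about %d bytes of string headers\n",
		len(segs), len(segs)*int(unsafe.Sizeof("")))
	_, ok := splitBounded(flood)
	fmt.Println("bounded split accepted flood:", ok)
	parts, ok := splitBounded("aGVhZGVy.cGF5bG9hZA.c2ln") // constructed, not a real JWT
	fmt.Println(parts, ok)
}
```

On a 64-bit platform a Go string header is 16 bytes, which is where the constant factor of about 16 per input byte comes from when every byte is a period.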
Update packages.
SRPMS
- opentelemetry-collector-0.107.0-10.el9_5.src.rpm
MD5: 056e71f2733b0010a2c546a888a288a7
SHA-256: f2bb682dff89cd3490f9503f6ef64e1b6967f0beba1eba897663b2acfa6cd571
Size: 18.90 MB
Asianux Server 9 for x86_64
- opentelemetry-collector-0.107.0-10.el9_5.x86_64.rpm
MD5: 344bc5933a2039c973ee3ab2d049d356
SHA-256: 781e12c1109ec74d90ffd38153a4e2c25e9c33d6b7a14111aece45220069ce4a
Size: 25.78 MB