weldr-client-35.12-3.el8_10
エラータID: AXSA:2025-10404:01
Release date:
Thursday, July 3, 2025 - 10:37
Subject:
weldr-client-35.12-3.el8_10
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
Command line utility to control osbuild-composer
Security Fix(es):
* net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Solution:
Update packages.
CVEs:
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Additional Info:
N/A
Download:
SRPMS
- weldr-client-35.12-3.el8_10.src.rpm
MD5: 72167eb8f0393dddc7eb45b8cc0bef93
SHA-256: af638cc2ac81b8c93242afbca05f93a0de312f355b089cd19c6e820277ef7d8e
Size: 420.31 kB
Asianux Server 8 for x86_64
- weldr-client-35.12-3.el8_10.x86_64.rpm
MD5: 27fa3739d434cbfd3e2af3d45104d958
SHA-256: 3122aabe3d365133c4ff703e13f3f28d1244ac413c60c578dfb4eb4750b2e552
Size: 3.32 MB
日本語