gvisor-tap-vsock-0.8.5-2.el9_6

エラータID: AXSA:2025-10539:04

Release date: 
Tuesday, July 22, 2025 - 16:47
Subject: 
gvisor-tap-vsock-0.8.5-2.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

* net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Solution: 

Update packages.

CVEs: 
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Additional Info: 

N/A

Download: 

SRPMS
  1. gvisor-tap-vsock-0.8.5-2.el9_6.src.rpm
    MD5: e9f5eaa432272db0097bd378459d2d4f
    SHA-256: 322399ab865f50167bc4e933ed245fdfd25d34564a4a203233654160b57149ca
    Size: 10.26 MB

Asianux Server 9 for x86_64
  1. gvisor-tap-vsock-0.8.5-2.el9_6.x86_64.rpm
    MD5: 62fe19f54965cdf236549edbcf617b91
    SHA-256: 1fc444cda41e20f3f54ca0fefccfb4aeba371b20a7c537e885c9ff7d353ede14
    Size: 4.05 MB
  2. gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.x86_64.rpm
    MD5: ce738b902538be0928faba31a0827820
    SHA-256: 2ece8a541264dca6bec24aca6eea8a6e6fa573e60840e71e3ff86ce6d946bce8
    Size: 1.99 MB