weldr-client-35.12-4.el9_6
エラータID: AXSA:2025-10616:02
Release date:
Monday, July 28, 2025 - 16:31
Subject:
weldr-client-35.12-4.el9_6
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
Command line utility to control osbuild-composer
Security Fix(es):
* net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Solution:
Update packages.
CVEs:
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Additional Info:
N/A
Download:
SRPMS
- weldr-client-35.12-4.el9_6.src.rpm
MD5: e4d3e7956a77e38c6c7661209cd07397
SHA-256: fc75af719f87349b02ac189cfca74e6e1d90d57892217f7cd80683041c7b6e09
Size: 418.27 kB
Asianux Server 9 for x86_64
- weldr-client-35.12-4.el9_6.x86_64.rpm
MD5: b68f28a4e4b18020ea853ca079cf3706
SHA-256: 8581f7fde699a06503a3e4a31042967d116c8508a1e611677fa2095a6662fca3
Size: 3.32 MB
日本語