containernetworking-plugins-1.9.0-2.el9

エラータID: AXSA:2026-1127:02

Release date: 
Tuesday, June 30, 2026 - 23:18
Subject: 
containernetworking-plugins-1.9.0-2.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

Security Fix(es):

* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9 Release Notes linked from the References section.

CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
CVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
CVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. containernetworking-plugins-1.9.0-2.el9.src.rpm
    MD5: d2487edcc7fe873eec3ce69735e69e3d
    SHA-256: d0c4ab8874dcc3f7c89680867b64fde1930e9e0f93f8f838c56dbd1b7552057d
    Size: 3.71 MB

Asianux Server 9 for x86_64
  1. containernetworking-plugins-1.9.0-2.el9.x86_64.rpm
    MD5: a710a467715a13eba2e35e9b6e9c70b6
    SHA-256: 0709fb799c02df07c5ad561336a583c4eaa042fcd850d7fe44ecf49d2b01c7b4
    Size: 12.59 MB