podman-4.6.1-7.el9_3
エラータID: AXSA:2023-7058:08
以下項目について対処しました。
[Security Fix]
- Go には、証明書チェーン内に含まれる RSA キーの検証に大量の
CPU リソースを消費してしまう問題があるため、リモートの攻撃者
により、非常に大きなサイズの RSA キーを含むように細工された
証明書を介して、サービス拒否攻撃 (CPU リソース枯渇) を可能と
する脆弱性が存在します。(CVE-2023-29409)
- Go の html/template モジュールには、'<script>' タグ内のコメント
タグ ( ) やハッシュバン ( #! ) を適切に処理しない問題があるため、
リモートの攻撃者により、クロスサイトスクリプティング攻撃を
可能とする脆弱性が存在します。(CVE-2023-39318)
- Go の html/template モジュールには、<script> タグを用いて記載
された JavaScript コード内の "<script"、"<!--"、および "</script"
を処理するためのルールが適用されない問題があるため、リモート
の攻撃者により、クロスサイトスクリプティング攻撃を可能とする
脆弱性が存在します。(CVE-2023-39319)
- Go には、リモートの攻撃者により、不完全なポストハンドシェイク
メッセージを介して、サービス拒否攻撃 (クラッシュの発生) を可能と
する脆弱性が存在します。(CVE-2023-39321)
- Go の QUIC プロトコルの処理には、接続後の受信メッセージの
バッファリングデータ量に上限が設けられていない問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (メモリ枯渇) を可能と
する脆弱性が存在します。(CVE-2023-39322)
パッケージをアップデートしてください。
CVES:
CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
CVE-2023-39318
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
CVE-2023-39319
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
CVE-2023-39321
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
CVE-2023-39322
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
N/A
SRPMS
- podman-4.6.1-7.el9_3.src.rpm
MD5: b8d96c07dab4e210645466ad346f8d02
SHA-256: 7e3d47f43246f5254f65abb4ea71267530cbfdcc216c386db62b1a96d51c4b49
Size: 22.71 MB
Asianux Server 9 for x86_64
- podman-4.6.1-7.el9_3.x86_64.rpm
MD5: 016f1976917f1da54701017e728cc537
SHA-256: b0634c0336c7b7362ee2e34f77e080bfd059534c984616693c9432c26d09fdb5
Size: 14.86 MB - podman-docker-4.6.1-7.el9_3.noarch.rpm
MD5: 9a37166878d6c28ea2050c3c80bf07ec
SHA-256: 509f6787500e488b89371e6e9d0680e77053561a4ca3232180871eddf68463c1
Size: 58.10 kB - podman-gvproxy-4.6.1-7.el9_3.x86_64.rpm
MD5: 1774cec49513261e056a48bc180f2074
SHA-256: 775879eeb02b432df8cf6c13fe8bd75260a979fbe9ad97b495ede2d1ba23673b
Size: 3.72 MB - podman-plugins-4.6.1-7.el9_3.x86_64.rpm
MD5: ed0a955f3933d96048bd35428844a03a
SHA-256: d28601427b131590354da258995dc87c845b75827ebef11974156af8cb05fb0b
Size: 1.22 MB - podman-remote-4.6.1-7.el9_3.x86_64.rpm
MD5: d3e0bdf15a3f62e27314520441fb745a
SHA-256: 612de7af5f66e4299a3eac29784baee46a0ddc2db940330898c88eeb590efb33
Size: 9.43 MB - podman-tests-4.6.1-7.el9_3.x86_64.rpm
MD5: 1089afac14bafbaeb6d8c58500a4776c
SHA-256: 795e6add00c2f1c82b2610cdb1874ea2ef956dadbf10c7f57bf497902ea1414a
Size: 173.66 kB