skopeo-1.13.3-4.el9_3
Errata ID: AXSA:2024-7582:01
Release date:
2024/03/08 Friday - 14:23
Title:
skopeo-1.13.3-4.el9_3
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
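The following issue has been addressed.
[Security Fix]
- The handling of chunk extensions in Go's net/http chunked encoding reader has an issue that permits reading more data than is in the body, up to 1 GiByte. A remote attacker can use this to cause a denial of service by sending a large amount of crafted data. (CVE-2023-39326)
Solution:
Update the package.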
CVE:
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
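The check described in the CVE text, as an added example that is not part of this advisory and is not Go's own net/http code: a minimal chunked-body decoder that discards chunk extensions and returns an error once extension and framing bytes outweigh the real body bytes. The function name `decodeChunked` and the budget constants are assumptions chosen for illustration, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strconv"
	"strings"
)

const perChunkAllowance, maxExcess = 16, 1024 // assumed budget, not from the advisory

// decodeChunked decodes a chunked body, discards chunk extensions, and fails once they outweigh the data.
func decodeChunked(r io.Reader) ([]byte, error) {
	br := bufio.NewReaderSize(r, 4096) // caps a single chunk header line
	var body bytes.Buffer
	var excess int64
	for {
		raw, err := br.ReadSlice('\n') // bufio.ErrBufferFull on an overlong line
		if err != nil {
			return nil, fmt.Errorf("chunk header: %w", err)
		}
		excess += int64(len(raw)) + 2 // header line plus CRLF after the data
		size := strings.TrimSpace(strings.SplitN(string(raw), ";", 2)[0])
		n, err := strconv.ParseUint(size, 16, 31)
		if err != nil {
			return nil, fmt.Errorf("chunk size: %w", err)
		}
		if n == 0 {
			return body.Bytes(), nil // last chunk; trailers are not parsed
		}
		if excess -= perChunkAllowance + 2*int64(n); excess < 0 { // credit for real data
			excess = 0
		}
		if excess > maxExcess {
			return nil, errors.New("chunked body: too much non-data")
		}
		if _, err = io.CopyN(&body, br, int64(n)+2); err != nil { // data plus CRLF
			return nil, fmt.Errorf("chunk data: %w", err)
		}
		body.Truncate(body.Len() - 2) // drop the 2 framing bytes (CRLF, not validated here)
	}
}

func main() {
	body, err := decodeChunked(strings.NewReader("5;k=v\r\nhello\r\n0\r\n\r\n")) // constructed input
	fmt.Printf("%q %v\n", body, err)
}
```

Plain one-byte chunks without extensions stay within the budget, so byte-at-a-time streaming is still accepted; only input dominated by discarded metadata is rejected.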
Additional information:
N/A
Downloads:
SRPMS
- skopeo-1.13.3-4.el9_3.src.rpm
MD5: 28a2e1cf55fc38a351254252af808322
SHA-256: 9c17f44fbd3e8f4703e3bb617c82810e8e15caa44a9bc96c6172d217854451f3
Size: 7.47 MB
Asianux Server 9 for x86_64
- skopeo-1.13.3-4.el9_3.x86_64.rpm
MD5: c768ef49f1180dd2b622e35f242bfc6a
SHA-256: 62bb963fac8fe50c3e131f2091ce20f2d67f60466eb67a5d98ef4e43193ce0c2
Size: 7.89 MB
- skopeo-tests-1.13.3-4.el9_3.x86_64.rpm
MD5: b7547a5601ea85e7bc6e2e4daacaf655
SHA-256: 296c078bbc4d11d0c7eda1f4825dfe4b95ad25fc7d8bb8df7c65628551496a3f
Size: 764.50 kB