podman-4.9.4-5.el9_4
エラータID: AXSA:2024-8550:06
リリース日:
2024/07/10 Wednesday - 14:45
題名:
podman-4.9.4-5.el9_4
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Go の RSA 暗号化 / 復号化の処理には、メモリリークの問題が
あるため、リモートの攻撃者により、サービス拒否攻撃 (メモリ
枯渇) を可能とする脆弱性が存在します。(CVE-2024-1394)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-1394
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
追加情報:
N/A
ダウンロード:
SRPMS
- podman-4.9.4-5.el9_4.src.rpm
MD5: a45481ffe3fc2eb6c354ff168e9f757d
SHA-256: 9bd3f0137ebfad29f8b72939ab33ed15d5074f35ab5e6b286a99d740e175e774
Size: 22.75 MB
Asianux Server 9 for x86_64
- podman-4.9.4-5.el9_4.x86_64.rpm
MD5: bacb79ce717a299a8e1830a8eb11eac6
SHA-256: 373923d3850ee300afdd4297af96cbe44979499f1061d168caa32766caf61da4
Size: 15.58 MB - podman-docker-4.9.4-5.el9_4.noarch.rpm
MD5: 97bde76c9075bdc5d6e8d496f2812884
SHA-256: 4982bc8ca661406760395dc54abf293a0fed5f53563a6e31f62ce946cdc08661
Size: 105.61 kB - podman-plugins-4.9.4-5.el9_4.x86_64.rpm
MD5: 0383ca2a7328b576f1b14c99bb646133
SHA-256: 61a255bbd7f103e0199aced0261f6b8592283601c6226439c1147485d8d93a0a
Size: 1.28 MB - podman-remote-4.9.4-5.el9_4.x86_64.rpm
MD5: b2fd569fc878c0f25e23cd528fe1b576
SHA-256: f25597b94aa4a4bd42bd51823d424f3867d5344d291d535664c663e9b2d88d58
Size: 10.22 MB - podman-tests-4.9.4-5.el9_4.x86_64.rpm
MD5: f3e2448c5798e955980822182fb28989
SHA-256: 92f55ea2f4bf04bc6a0b9e75eb2daca2f0d4c2bc1aabe9f65ed6a7afd03fcdf9
Size: 209.23 kB
English