grafana-9.2.10-18.el8_10
Errata ID: AXSA:2024-8877:15
Release date:
2024/10/03 Thursday - 13:22
Title:
grafana-9.2.10-18.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
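The following issues have been addressed.
[Security Fix]
- The HTTP/1.1 client functionality of Go's net/http module
mishandles the case where the response carries a status other
than an informational response. This allows a remote attacker
to cause a denial of service (invalidation of client
connections) by sending HTTP request packets crafted to carry
the "Expect: 100-continue" header. (CVE-2024-24791)
Solution:
Update the packages.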
CVE:
CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Additional information:
N/A
Downloads:
SRPMS
- grafana-9.2.10-18.el8_10.src.rpm
MD5: bf9ff357999591fc73a7a1a7fbf5e5ab
SHA-256: 89dad30c0d68abfc3688c9a2fbd395e01300f68e7f4078677f2fe0c5c928327f
Size: 321.66 MB
Asianux Server 8 for x86_64
- grafana-9.2.10-18.el8_10.x86_64.rpm
MD5: cbf319a0425bceb2887ccfa224258306
SHA-256: 2b10dd2538f989d90df102d1124b58f5418e23827c446e0d8933b592c39a91a3
Size: 75.51 MB
- grafana-selinux-9.2.10-18.el8_10.x86_64.rpm
MD5: b6af8814c9e61b549cf8cf243573905f
SHA-256: 394b481f1bd07add5f9e3d0b6c48cbcc12e0744d70610bb8b27995c21b7ff545
Size: 34.30 kB