RHSA-2023:6363 -- Redhat skopeoID: oval:org.secpod.oval:def:508037 | Date: (C)2024-01-02 (M)2024-04-23 |
Class: PATCH | Family: unix |
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix: golang: html/template: improper handling of JavaScript whitespace net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding golang: crypto/tls: large handshake records may cause panics golang: net/http, mime/multipart: denial of service from excessive resource consumption golang: net/http, net/textproto: denial of service from excessive memory allocation golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption golang: go/parser: Infinite loop in parsing golang: html/template: backticks not treated as string delimiters golang: html/template: improper sanitization of CSS values golang: html/template: improper handling of empty HTML attributes golang: net/ http: insufficient sanitization of Host header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 9 |