containernetworking-plugins-1.4.0-6.el9_4

エラータID: AXSA:2024-8906:05

Release date: 
Thursday, October 17, 2024 - 13:41
Subject: 
containernetworking-plugins-1.4.0-6.el9_4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Solution: 

Update packages.

CVEs: 
CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Additional Info: 

N/A

Download: 

SRPMS
  1. containernetworking-plugins-1.4.0-6.el9_4.src.rpm
    MD5: 5a7f0af3d7e345c66d4535705a561856
    SHA-256: 82f84d38e968cf73920475d2a4e0a432795c53c3c039a244bf6f836e228f3179
    Size: 3.62 MB

Asianux Server 9 for x86_64
  1. containernetworking-plugins-1.4.0-6.el9_4.x86_64.rpm
    MD5: a5a886fdcc31f82ad472978b9bdf592e
    SHA-256: f62a88af8a6c1f1999ad202a56b5af6b6fa9b7ea5228f18c9dc992df3a4e0afc
    Size: 9.30 MB