ALSA-2023:2780

[ALSA-2023:2780] Moderate: Image Builder security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-05-20

Description:

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

Security Fix(es):

* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-75-1.el8.alma.aarch64.rpm	41af1f22bd216ec38f7fd9b3f213abf503c62b86df8fb7e25b6debd7d5578bcb
aarch64	osbuild-composer-worker-75-1.el8.alma.aarch64.rpm	49d7a40b81ba4210e4d73cb8848b68f165e05206e36db7525a924d58df094db5
aarch64	weldr-client-35.9-2.el8.aarch64.rpm	929b9e1ef0f257b6387cf6e953e76d5f9c265e177a51c823f17271173426ad7d
aarch64	osbuild-composer-core-75-1.el8.alma.aarch64.rpm	abc28cb89cec26c83719de733c67b070e3a1bb26bc4206992518f199199699fb
aarch64	osbuild-composer-dnf-json-75-1.el8.alma.aarch64.rpm	dbce578c124a54fe80f98febf5fd2fa36eb4f92cfd0a839c4b4d1462f10bb101
ppc64le	osbuild-composer-dnf-json-75-1.el8.alma.ppc64le.rpm	376b09287dbd7fa2d56f2635118acfb912f104fb5a540115a0639e3af6efc244
ppc64le	osbuild-composer-core-75-1.el8.alma.ppc64le.rpm	b7ec3ec2ae649c234702a53e3dba34f12856ec32da575d4b396f096cebf07d5a
ppc64le	weldr-client-35.9-2.el8.ppc64le.rpm	cc03389ddcce0a3ee076d0aa52dca97d3e261aa852fd98e02577f72417f2bd9f
ppc64le	osbuild-composer-worker-75-1.el8.alma.ppc64le.rpm	f066ac950dd731cfe8931c67a88c169b5c0ef24e766b283f99c0aefcdaa017ee
ppc64le	osbuild-composer-75-1.el8.alma.ppc64le.rpm	f7b95a5f310bb267685ede050fcd7a278353f86b929ba7a134b0e1a83105d44e
s390x	osbuild-composer-worker-75-1.el8.alma.s390x.rpm	1c34d2fe5393b53bd5af0060aa6d4551d5ace1e99c3347855d08fab6dd2a662b
s390x	osbuild-composer-core-75-1.el8.alma.s390x.rpm	3e23e4d0d6c67bb3b0b48ce7c1470e677bf733d1261c6c79e394df5ca7de6930
s390x	osbuild-composer-dnf-json-75-1.el8.alma.s390x.rpm	5b986121dd70d5eea857f61c8481ff92e52abf786880a1cac523d9c7aaf49270
s390x	osbuild-composer-75-1.el8.alma.s390x.rpm	bfc65ed36f8a138237684a6525d677bf69b82ffcb6e2a36b176aaec8e490680b
s390x	weldr-client-35.9-2.el8.s390x.rpm	e4e579d32966eca702c03071f59f87f2ce697d26a4ce527f0e4fdc60d13253d8
x86_64	osbuild-composer-worker-75-1.el8.alma.x86_64.rpm	4109c1c4099553c3c92aa975907630c52e6a6abcd6d0f62dcf944d6b4869259a
x86_64	osbuild-composer-dnf-json-75-1.el8.alma.x86_64.rpm	4ac4502ad9ff1b8f50aa2c33a3116234bdc191dfa60a4c682430071734d13be8
x86_64	osbuild-composer-75-1.el8.alma.x86_64.rpm	a6ded1a49d90549c1e900f526ed94a5171e524e84ec9fda79bc99aba51ded211
x86_64	osbuild-composer-core-75-1.el8.alma.x86_64.rpm	b8b9b1c6f0740dfec95473239705187366ea1b066393c9ae160184b9399e331a
x86_64	weldr-client-35.9-2.el8.x86_64.rpm	f0670fdc3eb26338d3a880ef4a1be25bdd68f4a0a3a3e9a4a73fe668b4486498

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.