[ALSA-2023:2204] Moderate: Image Builder security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-05-12
Description:
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

Security Fix(es):
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-worker-76-2.el9_2.alma.aarch64.rpm 2e639653372d06ff3454a605ba61861afd7dc6406630b3ee8af7ed69bf5680cf
aarch64 osbuild-composer-core-76-2.el9_2.alma.aarch64.rpm 73a9e21556d51d3fdf9d9815821c5c7a55fb5ccf5a4f5bc027114f1777f4b807
aarch64 osbuild-composer-76-2.el9_2.alma.aarch64.rpm a3b45c5bcfae9bc50efc9e05170021c1289a94660242dec9f46582a499b2cc1b
aarch64 weldr-client-35.9-1.el9.aarch64.rpm c2f97d58a163260d07e8454de54235d7bff24f2d17a62d70b97207e8bc863837
aarch64 osbuild-composer-dnf-json-76-2.el9_2.alma.aarch64.rpm cd2ecf578febf240bbb0cefdf986d6b16fa5931f05c715d705cd23282b1dd896
ppc64le osbuild-composer-dnf-json-76-2.el9_2.alma.ppc64le.rpm 2670e2f53b19698b6de2ee804f232202183d8447869efd8a5835cbf67efadadc
ppc64le osbuild-composer-core-76-2.el9_2.alma.ppc64le.rpm 4fb8ce97fac4f82359d04377d8f17995a42b302763ae7c6dd6cce7f5661cca6f
ppc64le weldr-client-35.9-1.el9.ppc64le.rpm 636e1319467f56e9767254a30ff28ffa26f92a644506f021fd933e55502db718
ppc64le osbuild-composer-76-2.el9_2.alma.ppc64le.rpm 6ab941871097c957cfad5f71e5484a81094adc83af2e2274024cf63759fa345b
ppc64le osbuild-composer-worker-76-2.el9_2.alma.ppc64le.rpm e20fb1b7f1c8d82238492c59b335808dc4172033d88e839435d6a4276d49f0cf
s390x osbuild-composer-76-2.el9_2.alma.s390x.rpm 0ec27bf7233cc110fdbe3d0b4423cd903714258eb2db06c91672fdf71df59d25
s390x weldr-client-35.9-1.el9.s390x.rpm 1363987722103df7684ce456cb5ef2033d89cffe9b1c86db83e752ea1c040579
s390x osbuild-composer-core-76-2.el9_2.alma.s390x.rpm 3c8e3df36178b4082144c07476d3db46a883b5c5a347908e8ec361f6820046f9
s390x osbuild-composer-dnf-json-76-2.el9_2.alma.s390x.rpm f55857e8fda2e6b39a8ee94d196d6d16902bee5ad2094d3ecd9124d4f71a32c0
s390x osbuild-composer-worker-76-2.el9_2.alma.s390x.rpm f911f4607d0478d9836aa2e1b358222b4660f8f8b2630bd3ed2fef00c76f3f80
x86_64 osbuild-composer-core-76-2.el9_2.alma.x86_64.rpm 3a8e3594c4cb71439b1787c892a2868f28a3b7dd14ff0d738eafd9ad77d4ebd5
x86_64 weldr-client-35.9-1.el9.x86_64.rpm a6d6467f2eb2b70eb0956742de2f9988806b413dd33210dc0122f7b7ab8cbc41
x86_64 osbuild-composer-worker-76-2.el9_2.alma.x86_64.rpm c494644787d817a559b1b5eeefdf2c3617093e57d55975b50eb6f955c5d8b825
x86_64 osbuild-composer-76-2.el9_2.alma.x86_64.rpm daec93ddb30f35f528af8e180067d6507ee0472ffa411996cf9f227b9b306377
x86_64 osbuild-composer-dnf-json-76-2.el9_2.alma.x86_64.rpm eff8826934dd1a055941e6e4f5a8f12c8360c0227ff159fc526c1fc1684ec985
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.