[ALSA-2023:2236] Moderate: toolbox security and bug fix update
Type:
security
Severity:
moderate
Release date:
2023-05-12
Description:
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 toolbox-tests-0.0.99.3-9.el9.aarch64.rpm 1b3571e0e78c7b674aae08b20638cc61a084abeb4d1ac0730fd8caf3c7640d59
aarch64 toolbox-0.0.99.3-9.el9.aarch64.rpm fb0975147a5c2ffef5272ea94a7ed46d0295b7e52fa122d7f34734eaead239e8
ppc64le toolbox-tests-0.0.99.3-9.el9.ppc64le.rpm dc3fb0528d579c1d8931175efb74e0a1c873900a494ffcf3f4e6fb7d9b49c77c
ppc64le toolbox-0.0.99.3-9.el9.ppc64le.rpm ee1ba201cd0c6a25632b254603ac09d5d641c8d4c92296df2b09c695af0f9f1d
s390x toolbox-0.0.99.3-9.el9.s390x.rpm 51229c7bc20a726d8ba45acea35555c4f9f08955a822eaebd6a9b7d2b90b5d12
s390x toolbox-tests-0.0.99.3-9.el9.s390x.rpm b7d39e7c2e24d14757e0341f5215c0bf5e039927447c5da27becb4970e96a8d2
x86_64 toolbox-tests-0.0.99.3-9.el9.x86_64.rpm 4249f471143dfc033a371dfb39a724523003b197fd073ead5bafc102906ff2b6
x86_64 toolbox-0.0.99.3-9.el9.x86_64.rpm 863548d1d0c01f32fb026d50ae90e062b06a1bb5e02df3680dcb7b260a374f91
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.