[ALSA-2023:2367] Moderate: containernetworking-plugins security and bug fix update
Release date:
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Security Fix(es): * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 containernetworking-plugins-1.2.0-1.el9.aarch64.rpm 6628d448ec4017a874cd125bf6bdede760c80e16affbbf18f8e00980ec60b574
ppc64le containernetworking-plugins-1.2.0-1.el9.ppc64le.rpm abfd41c3f9ab3be2d1e53521bb8f633eb2030f4def54fe105e185d958af9e381
s390x containernetworking-plugins-1.2.0-1.el9.s390x.rpm 371920f2903d6d063d5a338ae7432138d375febf19e658210707d257225f4ea6
x86_64 containernetworking-plugins-1.2.0-1.el9.x86_64.rpm e65dd2ee6a03110099f869a80b900c12c797b1815e9bfcbe18c911ca2d35c7bd
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.