[ALSA-2023:6346] Moderate: toolbox security and bug fix update
Release date:
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.

Security Fix(es):
* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)
* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
