[ALSA-2024:2160] Moderate: toolbox security update
Type:
security
Severity:
moderate
Release date:
2024-05-07
Description:
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 toolbox-tests-0.0.99.5-2.el9.aarch64.rpm 3b14f621b7608ca7e3f65edd56f03875fdd12bbede31ccbc6930a58412a810c4
aarch64 toolbox-0.0.99.5-2.el9.aarch64.rpm 43003a2c062e7c777d118a18c576e42f44d3de4f5dccf2b0ef1cb03c956b6261
ppc64le toolbox-tests-0.0.99.5-2.el9.ppc64le.rpm 0cea43e4dd084378c710810adc4c1e94b7cd3e17eef765f6ff78994d1b36b065
ppc64le toolbox-0.0.99.5-2.el9.ppc64le.rpm dedc370899e3541ad768b79193d061acaf488293b38af897e416c47d742d5412
s390x toolbox-tests-0.0.99.5-2.el9.s390x.rpm 160ab589efdb1e92d1b1bc530915309a3a4fa9b61b19022ec8b0b50b6fe6ac68
s390x toolbox-0.0.99.5-2.el9.s390x.rpm 9d10eeceb65597b8a42dbccc4fc5216ab97d1d1e9ccccaefa08647083f41d65f
x86_64 toolbox-0.0.99.5-2.el9.x86_64.rpm 495601d579ebe2c41e8c7a941ffd9aca99449c505d01e86a606438b54c417e61
x86_64 toolbox-tests-0.0.99.5-2.el9.x86_64.rpm 4da95255ba247639ddf8ebb3aab18ed7f19668fe3533748c9f94d11bc734d19b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.