[ALSA-2024:4379] Important: gvisor-tap-vsock security update
Type:
security
Severity:
important
Release date:
2024-07-09
Description:
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 gvisor-tap-vsock-0.7.3-4.el9_4.alma.1.aarch64.rpm 02674079c275ebe101c4666ec2905a99fb86cf264f3bab0ca718508e34e89e34
ppc64le gvisor-tap-vsock-0.7.3-4.el9_4.alma.1.ppc64le.rpm 4eeeb4831c97ce187c6bb9d8ee20e25bc496ec4c6c556af2caf59cdd9202f52d
s390x gvisor-tap-vsock-0.7.3-4.el9_4.alma.1.s390x.rpm 6b51e36fd71d31dd656c727ea2825c73fa4431906363adc00509395e2aa269a6
x86_64 gvisor-tap-vsock-0.7.3-4.el9_4.alma.1.x86_64.rpm 8888f87707f8fb75c8424448405f08a6553372d7bc8080f974d0f2854abee5d5
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.