[ALSA-2024:6187] Moderate: gvisor-tap-vsock security update
Type:
security
Severity:
moderate
Release date:
2024-09-03
Description:
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): * golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 gvisor-tap-vsock-0.7.3-5.el9_4.alma.1.aarch64.rpm 0055c76bf99c94a86ccaee8f2e4e268225aeb24ed04b5aaa7416997580d65c2f
ppc64le gvisor-tap-vsock-0.7.3-5.el9_4.alma.1.ppc64le.rpm f840429eb3bd15a5bd40811fa7e14564427ce57b9d775c894f8c3364150f9b68
s390x gvisor-tap-vsock-0.7.3-5.el9_4.alma.1.s390x.rpm 0243834f1d37a1588bd8a06bac950d03093444a0fc95489aa0720b61b331082b
x86_64 gvisor-tap-vsock-0.7.3-5.el9_4.alma.1.x86_64.rpm 9ead0ab6697894fe8f9a702a50b9907aa49b8331eacb4b1d374a69cb0d5b322c
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.