Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
almalinuxAlmaLinuxALSA-2024:5258
HistoryAug 13, 2024 - 12:00 a.m.

Important: container-tools:rhel8 security update

2024-08-1300:00:00
errata.almalinux.org
3
container-tools
rhel8
security fix
memory leaks
memory exhaustion
cve-2024-1394
cve-2023-45290
cve-2024-24783
cve-2024-24784
cve-2024-3727
cve-2024-24789
cve-2024-6104
cve-2024-37298
references
unix

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

30.9%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
  • golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
  • golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
  • containers/image: digest type does not guarantee valid type (CVE-2024-3727)
  • golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
  • go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)
  • gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8noarchpodman-docker< 4.9.4-12.module_el8.10.0+3876+e55593a8podman-docker-4.9.4-12.module_el8.10.0+3876+e55593a8.noarch.rpm
almalinux8noarchpython3-podman< 4.9.0-2.module_el8.10.0+3876+e55593a8python3-podman-4.9.0-2.module_el8.10.0+3876+e55593a8.noarch.rpm
almalinux8noarchcontainer-selinux< 2.229.0-2.module_el8.10.0+3876+e55593a8container-selinux-2.229.0-2.module_el8.10.0+3876+e55593a8.noarch.rpm
almalinux8noarchcockpit-podman< 84.1-1.module_el8.10.0+3858+6ad51f9fcockpit-podman-84.1-1.module_el8.10.0+3858+6ad51f9f.noarch.rpm
almalinux8noarchudica< 0.2.6-21.module_el8.10.0+3858+6ad51f9fudica-0.2.6-21.module_el8.10.0+3858+6ad51f9f.noarch.rpm
almalinux8x86_64slirp4netns< 1.2.3-1.module_el8.10.0+3845+87b84552slirp4netns-1.2.3-1.module_el8.10.0+3845+87b84552.x86_64.rpm
almalinux8x86_64criu-devel< 3.18-5.module_el8.10.0+3876+e55593a8criu-devel-3.18-5.module_el8.10.0+3876+e55593a8.x86_64.rpm
almalinux8x86_64podman-tests< 4.9.4-12.module_el8.10.0+3876+e55593a8podman-tests-4.9.4-12.module_el8.10.0+3876+e55593a8.x86_64.rpm
almalinux8x86_64libslirp-devel< 4.4.0-2.module_el8.10.0+3876+e55593a8libslirp-devel-4.4.0-2.module_el8.10.0+3876+e55593a8.x86_64.rpm
almalinux8x86_64toolbox< 0.0.99.5-2.module_el8.10.0+3845+87b84552toolbox-0.0.99.5-2.module_el8.10.0+3845+87b84552.x86_64.rpm
Rows per page:
1-10 of 1211

Related

oraclelinux 6
osv 51
nessus 55
redhat 23
rocky 5
almalinux 5
freebsd 1
openvas 17
ibm 3
fedora 4
ubuntu 1
amazon 1
ubuntucve 2
cve 1
wolfi 1
cvelist 1
nvd 2
cbl_mariner 9
vulnrichment 1
debiancve 2
redhatcve 1
github 2
veracode 1
redos 4
oraclelinux
oraclelinux
container-tools:ol8 security update
2024-08-13 00:00:00
podman security update
2024-09-03 00:00:00
golang security update
2024-05-07 00:00:00
osv
osv
Important: container-tools:rhel8 security update
2024-08-21 14:52:31
Important: container-tools:rhel8 security update
2024-08-13 00:00:00
Important: podman security update
2024-09-03 00:00:00
nessus
nessus
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-5258)
2024-08-14 00:00:00
Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:5258)
2024-08-21 00:00:00
AlmaLinux 8 : container-tools:rhel8 (ALSA-2024:5258)
2024-08-14 00:00:00
redhat
redhat
(RHSA-2024:5258) Important: container-tools:rhel8 security update
2024-08-13 00:07:35
(RHSA-2024:5634) Important: podman security update
2024-08-20 15:39:15
(RHSA-2024:6194) Important: podman security update
2024-09-03 05:31:21
rocky
rocky
container-tools:rhel8 security update
2024-08-21 14:52:31
golang security update
2024-05-10 14:32:42
go-toolset:rhel8 security update
2024-06-14 13:59:30
almalinux
almalinux
Important: podman security update
2024-09-03 00:00:00
Important: golang security update
2024-04-30 00:00:00
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
Fedora: Security Advisory (FEDORA-2024-35147eb6ad)
2024-08-08 00:00:00
ibm
ibm
Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2024-24785, CVE-2023-45289, CVE-2024-24783, CVE-2023-45290, CVE-2024-24784)
2024-07-01 05:56:51
Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2023-45290, CVE-2024-24783, CVE-2024-24785, CVE-2023-45289, CVE-2024-24784 & CVE-2024-24788
2024-07-24 11:02:46
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
2024-08-22 00:19:22
fedora
fedora
[SECURITY] Fedora 40 Update: opentofu-1.8.0-1.fc40
2024-08-08 02:44:49
[SECURITY] Fedora 39 Update: opentofu-1.8.0-1.fc39
2024-08-08 02:40:49
[SECURITY] Fedora 40 Update: apptainer-1.3.2-1.fc40
2024-06-06 01:38:58
ubuntu
ubuntu
Go vulnerabilities
2024-07-09 00:00:00
amazon
amazon
Medium: golang
2024-05-23 22:04:00
ubuntucve
ubuntucve
CVE-2024-37298
2024-07-01 00:00:00
CVE-2024-3727
2024-05-14 00:00:00
cve
cve
CVE-2024-37298
2024-07-01 19:15:04
wolfi
wolfi
CVE-2024-37298 vulnerabilities
2024-09-18 21:11:55
cvelist
cvelist
CVE-2024-37298 Potential memory exhaustion attack due to sparse slice deserialization
2024-07-01 18:27:33
nvd
nvd
CVE-2024-37298
2024-07-01 19:15:04
CVE-2024-3727
2024-05-14 15:42:07
cbl_mariner
cbl_mariner
CVE-2024-37298 affecting package libcontainers-common for versions less than 20240213-2
2024-07-23 02:21:02
CVE-2024-37298 affecting package telegraf for versions less than 1.29.4-7
2024-07-18 16:30:05
CVE-2024-37298 affecting package libcontainers-common for versions less than 20210626-4
2024-08-05 03:22:58
vulnrichment
vulnrichment
CVE-2024-37298 Potential memory exhaustion attack due to sparse slice deserialization
2024-07-01 18:27:33
debiancve
debiancve
CVE-2024-37298
2024-07-01 19:15:04
CVE-2024-3727
2024-05-14 15:42:07
redhatcve
redhatcve
CVE-2024-37298
2024-07-02 15:56:45
github
github
Potential memory exhaustion attack due to sparse slice deserialization
2024-07-01 20:35:12
github.com/containers/image allows unexpected authenticated registry accesses
2024-05-14 18:30:52
veracode
veracode
Denial Of Service (DoS)
2024-07-02 06:16:54
redos
redos
ROS-20240805-08
2024-08-05 00:00:00
ROS-20240729-16
2024-07-29 00:00:00
ROS-20240719-01
2024-07-19 00:00:00

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

30.9%

JSON
Related for ALSA-2024:5258
oraclelinux6osv51nessus55redhat23rocky5almalinux5freebsd1openvas17ibm3fedora4ubuntu1amazon1ubuntucve2cve1wolfi1cvelist1nvd2cbl_mariner9vulnrichment1debiancve2redhatcve1github2veracode1redos4