Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 37: 2023-c0149844e2 Critical: Containernetworking Memory Growth

fedora
Calendar Grey March 18, 2023
Dist Fedora Esm H88
This patch resolves CVE-2022-41716, improving the security measures of Fedora's network-plugin tools for superior efficiency.
Resolves: 2161274, 2163068 - Rebuild for CVE-2022-41717

Summary

The CNI (Container Network Interface) project consists of a specification

and libraries for writing plugins to configure network interfaces in Linux

containers, along with a number of supported plugins. CNI concerns itself

only with network connectivity of containers and removing allocated resources

when the container is deleted.

Resolves: 2161274, 2163068 - Rebuild for CVE-2022-41717

* Wed Mar 8 2023 Lokesh Mandvekar - 1.1.1-16

- Resolves: #2161274, #2163068 - Rebuild for CVE-2022-41717

* Mon Mar 6 2023 Lokesh Mandvekar - 1.1.1-15

- migrated to SPDX license

* Thu Jan 19 2023 Fedora Release Engineering - 1.1.1-14

- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Fri Oct 28 2022 Troy Dawson - 1.1.1-13

- Add ExclusiveArch

* Mon Oct 10 2022 Lokesh Mandvekar - 1.1.1-12

- remove debbuild macros to comply with Fedora guidelines

* Thu Aug 18 2022 Lokesh Mandvekar - 1.1.1-11

- no bundled provides for debbuild

* Wed Aug 17 2022 Lokesh Mandvekar - 1.1.1-10

- use easier tag macros to make both fedora and debbuild happy

* Tue Aug 16 2022 Lokesh Mandvekar - 1.1.1-9

- enable debbuild

[ 1 ] Bug #2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

https://bugzilla.redhat.com/show_bug.cgi?id=2161274

su -c 'dnf upgrade --advisory FEDORA-2023-c0149844e2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory update critical memory growth containernetworking CNI plugin Fedora 37

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 37
Version: 1.1.1
Release: 16.fc37
URL: https://github.com/containernetworking/plugins
Summary: Libraries for writing CNI plugin

Topics%20covered

Topics Covered

security advisory update critical memory growth containernetworking CNI plugin Fedora 37

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here