Alma Linux: CVE-2023-45290: Moderate: podman security and bug fix update (Multiple Advisories)
Description
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
Solution(s)
- alma-upgrade-buildah
- alma-upgrade-buildah-tests
- alma-upgrade-containernetworking-plugins
- alma-upgrade-git-lfs
- alma-upgrade-go-toolset
- alma-upgrade-golang
- alma-upgrade-golang-bin
- alma-upgrade-golang-docs
- alma-upgrade-golang-misc
- alma-upgrade-golang-src
- alma-upgrade-golang-tests
- alma-upgrade-gvisor-tap-vsock
- alma-upgrade-podman
- alma-upgrade-podman-docker
- alma-upgrade-podman-plugins
- alma-upgrade-podman-remote
- alma-upgrade-podman-tests
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center