Overview

File _patchinfo of Package patchinfo.35539

<patchinfo incident="35539">
  <issue tracker="cve" id="2023-45142"/>
  <issue tracker="cve" id="2023-47108"/>
  <issue tracker="cve" id="2023-45288"/>
  <issue tracker="bnc" id="1217070">VUL-0: CVE-2023-47108: TRACKERBUG: otelgrpc: DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics</issue>
  <issue tracker="bnc" id="1221400">VUL-0: CVE-2023-45288: go1.21,go1.22: net/http, x/net/http2: close connections when receiving too many headers</issue>
  <issue tracker="bnc" id="1224323">VUL-0: containerd: mitigate power-based side channel attacks (advisory GHSA-jq35-85cj-fj4p)</issue>
  <issue tracker="bnc" id="1217952">containerd "address" file is world writable [ ref:_00D1igLOd._500Tr2EFhF:ref ]</issue>
  <issue tracker="bnc" id="1228553">VUL-0: CVE-2023-45142: TRACKERBUG: otelhttp,otelhttptrace,otelrestful: DoS vulnerability</issue>
  <packager>cyphar</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for containerd</summary>
  <description>This update for containerd fixes the following issues:

- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places