File _patchinfo of Package patchinfo.35415
<patchinfo incident="35415">
<issue tracker="cve" id="2023-44487"/>
<issue tracker="cve" id="2024-24786"/>
<issue tracker="cve" id="2023-39325"/>
<issue tracker="cve" id="2023-45288"/>
<issue tracker="bnc" id="1229869">VUL-0: kubernetes1.28: x/net affected by CVE-2023-44487,CVE-2023-39325,CVE-2023-45288</issue>
<issue tracker="bnc" id="1229867">VUL-0: CVE-2024-24786: kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON</issue>
<issue tracker="bnc" id="1229858">VUL-0: kubernetes1.28: built against EOL of GO</issue>
<packager>psaggu</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for kubernetes1.27</summary>
<description>This update for kubernetes1.27 fixes the following issues:
Update kubernetes to version 1.27.16
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Update go to version v1.22.5 (bsc#1229858)
</description>
</patchinfo>