Overview

File _patchinfo of Package patchinfo.34007

<patchinfo incident="34007">
  <issue tracker="cve" id="2023-45288"/>
  <issue tracker="bnc" id="1221400">VUL-0: CVE-2023-45288: go1.21,go1.22: net/http, x/net/http2: close connections when receiving too many headers</issue>
  <issue tracker="bnc" id="1224323">VUL-0: containerd: mitigate power-based side channel attacks (advisory GHSA-jq35-85cj-fj4p)</issue>
  <packager>cyphar</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for containerd</summary>
  <description>This update for containerd fixes the following issues:

Update to containerd v1.7.17.

- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places