File _patchinfo of Package patchinfo.35689
<patchinfo incident="35689">
<issue tracker="bnc" id="1216109">VUL-0: CVE-2023-39325: go1.20,go1.21: net/http: rapid stream resets can cause excessive work</issue>
<issue tracker="bnc" id="1216123">VUL-0: CVE-2023-44487: TRACKER-BUG: HTTP/2 Rapid Reset Attack</issue>
<issue tracker="bnc" id="1221400">VUL-0: CVE-2023-45288: go1.21,go1.22: net/http, x/net/http2: close connections when receiving too many headers</issue>
<issue tracker="bnc" id="1226136">VUL-0: CVE-2024-24786: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON</issue>
<issue tracker="bnc" id="1229858">VUL-0: kubernetes1.28: built against EOL of GO</issue>
<issue tracker="bnc" id="1229869">VUL-0: kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: x/net/http2 affected by CVE-2023-44487,CVE-2023-39325,CVE-2023-45288</issue>
<issue tracker="bnc" id="1229867">VUL-0: CVE-2024-24786: kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON</issue>
<issue tracker="bnc" id="1230323">VUL-0: CVE-2023-39325: TRACKERBUG: golang.org/x/net/http2: rapid stream resets can cause excessive work</issue>
<issue tracker="cve" id="2023-39325"/>
<issue tracker="cve" id="2023-44487"/>
<issue tracker="cve" id="2023-45288"/>
<issue tracker="cve" id="2024-24786"/>
<packager>psaggu</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for kubernetes1.24</summary>
<description>This update for kubernetes1.24 fixes the following issues:

- CVE-2023-39325: go1.20: excessive resource consumption when dealing with rapid stream resets. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)

Bug fixes:

- Update go to version 1.22.5 in build requirements. (bsc#1229858)
</description>
</patchinfo>