File _patchinfo of Package patchinfo.35235

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.35235

<patchinfo incident="35235">
  <issue tracker="bnc" id="1229869">VUL-0: kubernetes1.28: x/net affected by CVE-2023-44487,CVE-2023-39325,CVE-2023-45288</issue>
  <issue tracker="bnc" id="1062303">trackerbug: packages do not build reproducibly from randomness</issue>
  <issue tracker="bnc" id="1229867">VUL-0: CVE-2024-24786: kubernetes1.24,kubernetes1.25,kubernetes1.26,kubernetes1.27,kubernetes1.28: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON</issue>                                          
  <issue tracker="bnc" id="1229858">VUL-0: kubernetes1.28: built against EOL of GO</issue>
  <issue tracker="bnc" id="1229008">installing kubernetes1.23-client also installs kubernetes1.28-client and kubernetes1.28-client-common</issue>
  <issue tracker="cve" id="2024-24786"/>
  <issue tracker="cve" id="2023-39325"/>
  <issue tracker="cve" id="2023-44487"/>
  <packager>psaggu</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for kubernetes1.26</summary>
  <description>This update for kubernetes1.26 fixes the following issues:

Update kubernetes to version 1.26.15:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
    
Other fixes:    
- Fixed packages required by kubernetes1.26-client installation (bsc#1229008)
- Update go to version v1.22.5 (bsc#1229858)
- Add upstream patch for reproducible builds (bsc#1062303)
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.35235

Places