Lucene search
RedHatRHSA-2024:2180HistoryApr 30, 2024 - 6:14 a.m.
(RHSA-2024:2180) Moderate: runc security update
2024-04-3006:14:58
access.redhat.com
4
runc
security update
red hat enterprise linux
vulnerabilities
moderate
golang
cve
ocf
container runtime
stack exhaustion
timing side channel
rsa
tls
red hat enterprise linux 9.4
security fix
0.002 Low
EPSS
Percentile
55.5%
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
-
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
-
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | ppc64le | runc-debuginfo | < 1.1.12-2.el9 | runc-debuginfo-1.1.12-2.el9.ppc64le.rpm |
| RedHat | 9 | aarch64 | runc | < 1.1.12-2.el9 | runc-1.1.12-2.el9.aarch64.rpm |
| RedHat | 9 | s390x | runc | < 1.1.12-2.el9 | runc-1.1.12-2.el9.s390x.rpm |
| RedHat | 9 | ppc64le | runc | < 1.1.12-2.el9 | runc-1.1.12-2.el9.ppc64le.rpm |
| RedHat | 9 | aarch64 | runc-debuginfo | < 1.1.12-2.el9 | runc-debuginfo-1.1.12-2.el9.aarch64.rpm |
| RedHat | 9 | aarch64 | runc-debugsource | < 1.1.12-2.el9 | runc-debugsource-1.1.12-2.el9.aarch64.rpm |
| RedHat | 9 | s390x | runc-debuginfo | < 1.1.12-2.el9 | runc-debuginfo-1.1.12-2.el9.s390x.rpm |
| RedHat | 9 | x86_64 | runc | < 1.1.12-2.el9 | runc-1.1.12-2.el9.x86_64.rpm |
| RedHat | 9 | x86_64 | runc-debugsource | < 1.1.12-2.el9 | runc-debugsource-1.1.12-2.el9.x86_64.rpm |
| RedHat | 9 | ppc64le | runc-debugsource | < 1.1.12-2.el9 | runc-debugsource-1.1.12-2.el9.ppc64le.rpm |
Related
oraclelinux
oraclelinux
runc security update
2024-05-02 00:00:00
grafana-pcp security update
2022-11-15 00:00:00
grafana-pcp security update
2022-11-22 00:00:00
nessus
nessus
RHEL 9 : runc (RHSA-2024:2180)
2024-04-30 00:00:00
Oracle Linux 9 : runc (ELSA-2024-2180)
2024-05-06 00:00:00
Rocky Linux 9 : toolbox (RLSA-2022:8098)
2023-01-25 00:00:00
almalinux
almalinux
Moderate: runc security update
2024-04-30 00:00:00
Moderate: toolbox security and bug fix update
2022-11-15 00:00:00
Moderate: grafana-pcp security update
2022-11-08 00:00:00
osv
osv
Moderate: runc security update
2024-04-30 00:00:00
Moderate: toolbox security and bug fix update
2022-11-15 00:00:00
Moderate: toolbox security and bug fix update
2022-11-15 06:15:31
redhat
redhat
(RHSA-2022:8098) Moderate: toolbox security and bug fix update
2022-11-15 06:15:31
(RHSA-2022:7648) Moderate: grafana-pcp security update
2022-11-08 06:25:29
(RHSA-2022:8250) Moderate: grafana-pcp security update
2022-11-15 06:19:30
rocky
rocky
toolbox security and bug fix update
2022-11-15 06:15:31
grafana-pcp security update
2022-11-15 06:19:30
grafana-pcp security update
2022-11-08 06:25:29
prion
prion
Design/Logic Flaw
2023-12-05 17:15:00
Design/Logic Flaw
2022-08-10 20:15:00
Privilege escalation
2022-08-10 20:15:00
redhatcve
redhatcve
cvelist
cvelist
CVE-2023-45287 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
2023-12-05 16:18:06
CVE-2022-30630 Stack exhaustion in Glob on certain paths in io/fs
2022-08-09 20:17:15
CVE-2022-30632 Stack exhaustion on crafted paths in path/filepath
2022-08-09 20:15:37
cbl_mariner
cbl_mariner
CVE-2023-45287 affecting package golang for versions less than 1.21.6-1
2024-05-20 03:07:23
CVE-2022-30632 affecting package golang 1.18.3-1
2022-09-17 05:56:44
CVE-2022-30630 affecting package golang 1.18.3-1
2022-09-17 05:56:44
veracode
veracode
Timing Attack
2023-12-07 11:35:51
Denial Of Service (DoS)
2022-07-25 13:14:49
Denial Of Service (DoS)
2022-07-25 12:47:18
ubuntucve
ubuntucve
cgr
cgr
CVE-2023-45287 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
cve
cve
debiancve
debiancve
wolfi
wolfi
CVE-2023-45287 vulnerabilities
2024-05-20 03:07:17
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0262)
2022-07-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2671-1)
2022-08-05 00:00:00
openSUSE: Security Advisory for go1.17 (SUSE-SU-2022:2671-1)
2022-08-05 00:00:00
alpinelinux
alpinelinux
mageia
mageia
Updated golang packages fix security vulnerability
2022-07-16 22:58:20
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.4-alt1
2022-07-28 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10
2022-07-29 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-07-12 00:00:00
suse
suse
Security update for go1.18 (important)
2022-08-04 00:00:00
Security update for go1.17 (important)
2022-08-04 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0242
2022-09-07 00:00:00