ALSA-2023:2193

See a problem?
Please try reporting it to the source first.

Source

https://errata.almalinux.org/9/ALSA-2023-2193.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2193.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2023:2193

Related

Published

2023-05-09T00:00:00Z

Modified

2023-05-12T12:18:29Z

Summary

Moderate: butane security, bug fix, and enhancement update

Details

Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition.

The following packages have been upgraded to a later upstream version: butane (0.16.0). (BZ#2135475)

Security Fix(es):

golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:9 / butane

Package

Name: butane

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.16.0-1.el9