Product Errata

RLSA-2024:3830

Moderate: gvisor-tap-vsock security and bug fix update

Topic

An update is available for gvisor-tap-vsock.

This update affects Rocky Linux 9.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Description

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

Issued: 6/14/2024

Type: Security

Severity: Moderate

Affected Product

  • Rocky Linux 9

References

  • No references