All errata/p11/ALT-PU-2026-1931-3
ALT-PU-2026-1931-3

Package update cri-o1.32 in branch p11

Version1.32.11-alt1
Task#406533
Published2026-02-03
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2025-14528
MEDIUM4.3

Уязвимость компонента tar.Reader языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-11-21Modified: 2026-04-20
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2025-58183
MEDIUM4.3

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

Published: 2025-10-29Modified: 2026-04-15
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
References