From this web page screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability ID: RHSA-2024:8425
2. Release date: October 31, 2024
3. Affected product: Red Hat OpenShift Container Platform 4.15
4. Type/Severity: Security update, Important
5. Description: Red Hat OpenShift Container Platform release 4.15.37 has been published, with updates that fix multiple bugs and add enhancements. Red Hat Product Security has rated the severity of this update as Important.
6. Security fixes:
   - encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
   - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341)
   - Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)
   - go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
   - go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)
7. Solution: All Red Hat OpenShift Container Platform 4.15 users are advised to upgrade to this release to apply the fixed packages and images.
8. Affected product list:
   - Red Hat OpenShift Container Platform 4.15 for RHEL 9 x86_64
   - Red Hat OpenShift Container Platform 4.15 for RHEL 8 x86_64
   - Red Hat OpenShift Container Platform for Power 4.15 for RHEL 9 ppc64le
   - Red Hat OpenShift Container Platform for Power 4.15 for RHEL 8 ppc64le
   - Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.15 for RHEL 9 s390x
   - Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.15 for RHEL 8 s390x
   - Red Hat OpenShift Container Platform for ARM 64 4.15 for RHEL 9 aarch64
   - Red Hat OpenShift Container Platform for ARM 64 4.15 for RHEL 8 aarch64
9. CVE IDs:
   - CVE-2024-9341
   - CVE-2024-9676
   - CVE-2024-34155
   - CVE-2024-34156
   - CVE-2024-34158

This information provides key details about the vulnerabilities, including their description, the affected products, the security fixes, and the solution.