Red Hat Security Advisory: container-tools:rhel8 security update
🔗 CVE IDs covered (16)
📋 Description
- CVE-2018-25091 — urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect
- CVE-2021-33198 — golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
- CVE-2021-34558 — golang: crypto/tls: certificate of wrong type is causing TLS client to panic
- CVE-2022-2879 — golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers
- CVE-2022-2880 — golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- CVE-2022-41715 — golang: regexp/syntax: limit memory used by parsing regexps
- CVE-2023-29409 — golang: crypto/tls: slow verification of certificate chains containing large RSA keys
- CVE-2023-39318 — golang: html/template: improper handling of HTML-like comments within script contexts
- CVE-2023-39319 — golang: html/template: improper handling of special tags within script contexts
- CVE-2023-39321 — golang: crypto/tls: panic when processing post-handshake message on QUIC connections
- CVE-2023-39322 — golang: crypto/tls: lack of a limit on buffered post-handshake
- CVE-2023-39326 — golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
- CVE-2023-45287 — golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
- CVE-2023-45803 — urllib3: Request body not stripped after redirect from 303 status changes request method to GET
- CVE-2023-48795 — ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
- CVE-2024-23650 — moby/buildkit: Possible race condition with accessing subpaths from cache mounts
🔗 References (27)
- self: https://access.redhat.com/errata/RHSA-2024:2988
- external: https://access.redhat.com/security/updates/classification/#moderate
- external: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1983596
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1989575
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2132867
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2132868
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2132872
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2228743
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2237773
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2237776
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2237777
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2237778
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2244340
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2246840
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2253193
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2253330
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2254210
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2262272
- external: https://issues.redhat.com/browse/RHEL-18150
- external: https://issues.redhat.com/browse/RHEL-2598
- external: https://issues.redhat.com/browse/RHEL-26594
- external: https://issues.redhat.com/browse/RHEL-3088
- external: https://issues.redhat.com/browse/RHEL-3093
- external: https://issues.redhat.com/browse/RHEL-3146
- external: https://issues.redhat.com/browse/RHEL-9836
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2988.json