Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-7109-1

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

Packet Storm
#xss#vulnerability#ubuntu#dos#js#java#perl#ssl

==========================================================================
Ubuntu Security Notice USN-7109-1
November 14, 2024

golang-1.18 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Go.

Software Description:

  • golang-1.18: Go programming language compiler - metapackage

Details:

Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2
streams. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-41723)

Marten Seemann discovered that Go did not properly manage memory under
certain circumstances. An attacker could possibly use this issue to cause
a panic resulting in a denial of service. (CVE-2022-41724)

Ameya Darshan and Jakob Ackermann discovered that Go did not properly
validate the amount of memory and disk files ReadForm can consume. An
attacker could possibly use this issue to cause a panic resulting in a
denial of service. (CVE-2022-41725)

Hunter Wittenborn discovered that Go incorrectly handled the sanitization
of environment variables. An attacker could possibly use this issue to run
arbitrary commands. (CVE-2023-24531)

Jakob Ackermann discovered that Go incorrectly handled multipart
forms. An attacker could possibly use this issue to consume an excessive
amount of resources, resulting in a denial of service. (CVE-2023-24536)

Juho Nurminen discovered that Go incorrectly handled certain special
characters in directory or file paths. An attacker could possibly use
this issue to inject code into the resulting binaries. (CVE-2023-29402)

Vincent Dehors discovered that Go incorrectly handled permission bits.
An attacker could possibly use this issue to read or write files with
elevated privileges. (CVE-2023-29403)

Juho Nurminen discovered that Go incorrectly handled certain compiler
directives. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2023-29404)

Juho Nurminen discovered that Go incorrectly handled certain crafted
arguments. An attacker could possibly use this issue to execute arbitrary
code at build time. (CVE-2023-29405)

Bartek Nowotarski discovered that Go incorrectly validated the contents of
host headers. A remote attacker could possibly use this issue to inject
additional headers or entire requests. (CVE-2023-29406)

Takeshi Kaneko discovered that Go did not properly handle comments and
special tags in the script context of html/template module. An attacker
could possibly use this issue to inject Javascript code and perform a
cross-site scripting attack. (CVE-2023-39318, CVE-2023-39319)

It was discovered that Go did not properly validate the “//go:cgo_”
directives during compilation. An attacker could possibly use this issue
to inject arbitrary code during compile time. (CVE-2023-39323)

It was discovered that Go did not limit the number of simultaneously
executing handler goroutines in the net/http module. An attacker could
possibly use this issue to cause a panic resulting in a denial of service.
(CVE-2023-39325)

Bartek Nowotarski was discovered that the Go net/http module did not
properly handle the requests when request’s headers exceed MaxHeaderBytes.
An attacker could possibly use this issue to cause a panic resulting into
a denial of service. (CVE-2023-45288)

Bartek Nowotarski discovered that the Go net/http module did not properly
validate the total size of the parsed form when parsing a multipart form.
An attacker could possibly use this issue to cause a panic resulting into a
denial of service. (CVE-2023-45290)

John Howard discovered that the Go crypto/x509 module did not properly
handle a certificate chain which contains a certificate with an unknown
public key algorithm. An attacker could possibly use this issue to cause
a panic resulting into a denial of service. (CVE-2024-24783)

Juho Nurminen discovered that the Go net/mail module did not properly
handle comments within display names in the ParseAddressList function.
An attacker could possibly use this issue to cause a panic resulting into
a denial of service. (CVE-2024-24784)

It was discovered that the Go html/template module did not validate errors
returned from MarshalJSON methods. An attacker could possibly use this
issue to inject arbitrary code into the Go template. (CVE-2024-24785)

Yufan You discovered that the Go archive/zip module did not properly
handle certain types of invalid zip files differs from the behavior of
most zip implementations. An attacker could possibly use this issue to
cause a panic resulting into a denial of service. (CVE-2024-24789)

Enze Wang and Jianjun Chen discovered that the Go net/netip module did
not work as expected for IPv4-mapped IPv6 addresses in various Is methods.
An attacker could possibly use this issue to cause a panic resulting into
a denial of service. (CVE-2024-24790)

Geoff Franks discovered that the Go net/http module did not properly
handle responses to requests with an “Expect: 100-continue” header under
certain circumstances. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-24791)

It was discovered that the Go parser module did not properly handle deeply
nested literal values. An attacker could possibly use this issue to cause
a panic resulting in a denial of service. (CVE-2024-34155)

Md Sakib Anwar discovered that the Go encoding/gob module did not properly
handle message decoding under certain circumstances. An attacker could
possibly use this issue to cause a panic resulting in a denial of service.
(CVE-2024-34156)

It was discovered that the Go build module did not properly handle certain
build tag lines with deeply nested expressions. An attacker could possibly
use this issue to cause a panic resulting in a denial of service.
(CVE-2024-34158)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
golang-1.18 1.18.1-1ubuntu1.2
golang-1.18-go 1.18.1-1ubuntu1.2
golang-1.18-src 1.18.1-1ubuntu1.2

Ubuntu 20.04 LTS
golang-1.18 1.18.1-1ubuntu1~20.04.3
golang-1.18-go 1.18.1-1ubuntu1~20.04.3
golang-1.18-src 1.18.1-1ubuntu1~20.04.3

Ubuntu 18.04 LTS
golang-1.18 1.18.1-1ubuntu1~18.04.4+esm1
Available with Ubuntu Pro
golang-1.18-go 1.18.1-1ubuntu1~18.04.4+esm1
Available with Ubuntu Pro
golang-1.18-src 1.18.1-1ubuntu1~18.04.4+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
golang-1.18 1.18.1-1ubuntu1~16.04.6+esm1
Available with Ubuntu Pro
golang-1.18-go 1.18.1-1ubuntu1~16.04.6+esm1
Available with Ubuntu Pro
golang-1.18-src 1.18.1-1ubuntu1~16.04.6+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7109-1
CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24531,
CVE-2023-24536, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404,
CVE-2023-29405, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319,
CVE-2023-39323, CVE-2023-39325, CVE-2023-45288, CVE-2023-45290,
CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789,
CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34156,
CVE-2024-34158

Package Information:
https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1~20.04.3

Related news

Red Hat Security Advisory 2024-8704-03

Red Hat Security Advisory 2024-8704-03 - Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9.

Red Hat Security Advisory 2024-9960-03

Red Hat Security Advisory 2024-9960-03 - OpenShift API for Data Protection 1.3.4 is now available. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-7111-1

Ubuntu Security Notice 7111-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

Red Hat Security Advisory 2024-9583-03

Red Hat Security Advisory 2024-9583-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9485-03

Red Hat Security Advisory 2024-9485-03 - Control plane Operators for RHOSO 18.0.3. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-9485-03

Red Hat Security Advisory 2024-9485-03 - Control plane Operators for RHOSO 18.0.3. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-9459-03

Red Hat Security Advisory 2024-9459-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-9459-03

Red Hat Security Advisory 2024-9459-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-9102-03

Red Hat Security Advisory 2024-9102-03 - An update for podman is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2024-9098-03

Red Hat Security Advisory 2024-9098-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9097-03

Red Hat Security Advisory 2024-9097-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9089-03

Red Hat Security Advisory 2024-9089-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8697-03

Red Hat Security Advisory 2024-8697-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8697-03

Red Hat Security Advisory 2024-8697-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8697-03

Red Hat Security Advisory 2024-8697-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8697-03

Red Hat Security Advisory 2024-8697-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-5013-03

Red Hat Security Advisory 2024-5013-03 - Red Hat OpenShift Builds 1.1.0.

Red Hat Security Advisory 2024-5013-03

Red Hat Security Advisory 2024-5013-03 - Red Hat OpenShift Builds 1.1.0.

Red Hat Security Advisory 2024-8876-03

Red Hat Security Advisory 2024-8876-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-8425-03

Red Hat Security Advisory 2024-8425-03 - Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-8425-03

Red Hat Security Advisory 2024-8425-03 - Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-8425-03

Red Hat Security Advisory 2024-8425-03 - Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-8428-03

Red Hat Security Advisory 2024-8428-03 - Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-8428-03

Red Hat Security Advisory 2024-8428-03 - Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-8337-03

Red Hat Security Advisory 2024-8337-03 - Run Once Duration Override Operator for Red Hat OpenShift 1.1.2 for RHEL 9.

Red Hat Security Advisory 2024-8337-03

Red Hat Security Advisory 2024-8337-03 - Run Once Duration Override Operator for Red Hat OpenShift 1.1.2 for RHEL 9.

Red Hat Security Advisory 2024-8315-03

Red Hat Security Advisory 2024-8315-03 - Logging for Red Hat OpenShift - 5.9.8.

Red Hat Security Advisory 2024-8260-03

Red Hat Security Advisory 2024-8260-03 - Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8260-03

Red Hat Security Advisory 2024-8260-03 - Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8260-03

Red Hat Security Advisory 2024-8260-03 - Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8260-03

Red Hat Security Advisory 2024-8260-03 - Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-7081-1

Ubuntu Security Notice 7081-1 - It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

Ubuntu Security Notice USN-7081-1

Ubuntu Security Notice 7081-1 - It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

Ubuntu Security Notice USN-7081-1

Ubuntu Security Notice 7081-1 - It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

Red Hat Security Advisory 2024-8229-03

Red Hat Security Advisory 2024-8229-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-8229-03

Red Hat Security Advisory 2024-8229-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-8229-03

Red Hat Security Advisory 2024-8229-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-8014-03

Red Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

Red Hat Security Advisory 2024-8014-03

Red Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

Red Hat Security Advisory 2024-8112-03

Red Hat Security Advisory 2024-8112-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-7987-03

Red Hat Security Advisory 2024-7987-03 - An update is now available for Red Hat Satellite 6.15 for RHEL 8. Issues addressed include HTTP request smuggling and null pointer vulnerabilities.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Red Hat Security Advisory 2024-7822-03

Red Hat Security Advisory 2024-7822-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Security Advisory 2024-7821-03

Red Hat Security Advisory 2024-7821-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-7818-03

Red Hat Security Advisory 2024-7818-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-7261-03

Red Hat Security Advisory 2024-7261-03 - An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Security Advisory 2024-7205-03

Red Hat Security Advisory 2024-7205-03 - An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-7203-03

Red Hat Security Advisory 2024-7203-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-7102-03

Red Hat Security Advisory 2024-7102-03 - An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-7074-03

Red Hat Security Advisory 2024-7074-03 - Network Observability 1.6 for Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-6755-03

Red Hat Security Advisory 2024-6755-03 - Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.2 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.

Red Hat Security Advisory 2024-6189-03

Red Hat Security Advisory 2024-6189-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-6187-03

Red Hat Security Advisory 2024-6187-03 - An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-5446-03

Red Hat Security Advisory 2024-5446-03 - Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5446-03

Red Hat Security Advisory 2024-5446-03 - Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5442-03

Red Hat Security Advisory 2024-5442-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5442-03

Red Hat Security Advisory 2024-5442-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5439-03

Red Hat Security Advisory 2024-5439-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5436-03

Red Hat Security Advisory 2024-5436-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5436-03

Red Hat Security Advisory 2024-5436-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5537-03

Red Hat Security Advisory 2024-5537-03 - An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Issues addressed include a denial of service vulnerability.

Gentoo Linux Security Advisory 202408-07

Gentoo Linux Security Advisory 202408-7 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service. Versions greater than or equal to 1.22.3 are affected.

Gentoo Linux Security Advisory 202408-07

Gentoo Linux Security Advisory 202408-7 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service. Versions greater than or equal to 1.22.3 are affected.

Red Hat Security Advisory 2024-4982-03

Red Hat Security Advisory 2024-4982-03 - OpenShift API for Data Protection 1.3.3 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4933-03

Red Hat Security Advisory 2024-4933-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4613-03

Red Hat Security Advisory 2024-4613-03 - Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-4336-03

Red Hat Security Advisory 2024-4336-03 - An update is available for Logging for Red Hat OpenShift - 5.6.21.

Red Hat Security Advisory 2024-4697-03

Red Hat Security Advisory 2024-4697-03 - An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.

Red Hat Security Advisory 2024-4591-03

Red Hat Security Advisory 2024-4591-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9. Issues addressed include denial of service, memory leak, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4591-03

Red Hat Security Advisory 2024-4591-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9. Issues addressed include denial of service, memory leak, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4546-03

Red Hat Security Advisory 2024-4546-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4520-03

Red Hat Security Advisory 2024-4520-03 - The Migration Toolkit for Containers 1.7.16 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-4520-03

Red Hat Security Advisory 2024-4520-03 - The Migration Toolkit for Containers 1.7.16 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-4520-03

Red Hat Security Advisory 2024-4520-03 - The Migration Toolkit for Containers 1.7.16 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-4520-03

Red Hat Security Advisory 2024-4520-03 - The Migration Toolkit for Containers 1.7.16 is now available. Issues addressed include a memory exhaustion vulnerability.

Ubuntu Security Notice USN-6886-1

Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6886-1

Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6886-1

Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6886-1

Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6886-1

Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6886-1

Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Red Hat Security Advisory 2024-4212-03

Red Hat Security Advisory 2024-4212-03 - An update for golang is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-3637-03

Red Hat Security Advisory 2024-3637-03 - Secondary Scheduler Operator for Red Hat OpenShift 1.3.0 for RHEL 9. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-0045-03

Red Hat Security Advisory 2024-0045-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-0041-03

Red Hat Security Advisory 2024-0041-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, password leak, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-0041-03

Red Hat Security Advisory 2024-0041-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, password leak, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-0041-03

Red Hat Security Advisory 2024-0041-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, password leak, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4119-03

Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-4119-03

Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-4119-03

Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-4034-03

Red Hat Security Advisory 2024-4034-03 - OpenShift container images for the Red Hat Service Interconnect 1.5 release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4028-03

Red Hat Security Advisory 2024-4028-03 - Red Hat OpenShift Serverless version 1.33.0 is now available.

Red Hat Security Advisory 2024-4023-03

Red Hat Security Advisory 2024-4023-03 - Red Hat openshift-serverless-clients kn 1.33.0 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4023-03

Red Hat Security Advisory 2024-4023-03 - Red Hat openshift-serverless-clients kn 1.33.0 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4023-03

Red Hat Security Advisory 2024-4023-03 - Red Hat openshift-serverless-clients kn 1.33.0 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4023-03

Red Hat Security Advisory 2024-4023-03 - Red Hat openshift-serverless-clients kn 1.33.0 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-3868-03

Red Hat Security Advisory 2024-3868-03 - Network Observability 1.6 for Red Hat OpenShift. Issues addressed include code execution, denial of service, memory exhaustion, and password leak vulnerabilities.

Red Hat Security Advisory 2024-3830-03

Red Hat Security Advisory 2024-3830-03 - An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3790-03

Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3790-03

Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3790-03

Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3790-03

Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3680-03

Red Hat Security Advisory 2024-3680-03 - Red Hat OpenShift Service Mesh Containers for 2.4.8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2875-03

Red Hat Security Advisory 2024-2875-03 - Red Hat OpenShift Container Platform release 4.13.42 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2024-3352-03

Red Hat Security Advisory 2024-3352-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.2. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-3346-03

Red Hat Security Advisory 2024-3346-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-3346-03

Red Hat Security Advisory 2024-3346-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-2668-03

Red Hat Security Advisory 2024-2668-03 - Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2667-03

Red Hat Security Advisory 2024-2667-03 - Red Hat build of MicroShift release 4.15.12 is now available with updates to packages and images that include a security update.

Red Hat Security Advisory 2024-2664-03

Red Hat Security Advisory 2024-2664-03 - Red Hat OpenShift Container Platform release 4.15.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2625-03

Red Hat Security Advisory 2024-2625-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2060-03

Red Hat Security Advisory 2024-2060-03 - Red Hat OpenShift Virtualization release 4.14.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1901-03

Red Hat Security Advisory 2024-1901-03 - OpenShift container images for the Red Hat Service Interconnect 1.5 release.

Red Hat Security Advisory 2024-1770-03

Red Hat Security Advisory 2024-1770-03 - Red Hat OpenShift Container Platform release 4.15.9 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-1027-03

Red Hat Security Advisory 2024-1027-03 - An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9. Issues addressed include XML injection and denial of service vulnerabilities.

Red Hat Security Advisory 2024-0948-03

Red Hat Security Advisory 2024-0948-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-0293-03

Red Hat Security Advisory 2024-0293-03 - Red Hat OpenShift Container Platform release 4.14.10 is now available with updates to packages and images that fix several bugs and add enhancements.

Ubuntu Security Notice USN-6574-1

Ubuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.

Red Hat Security Advisory 2023-7672-03

Red Hat Security Advisory 2023-7672-03 - Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7672-03

Red Hat Security Advisory 2023-7672-03 - Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7515-01

Red Hat Security Advisory 2023-7515-01 - The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

Red Hat Security Advisory 2023-7215-01

Red Hat Security Advisory 2023-7215-01 - Red Hat OpenShift Service Mesh 2.2.12 Containers. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7202-01

Red Hat Security Advisory 2023-7202-01 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2023-6154-01

Red Hat Security Advisory 2023-6154-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.2.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6154-01

Red Hat Security Advisory 2023-6154-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.2.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6202-01

Red Hat Security Advisory 2023-6202-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.8 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6202-01

Red Hat Security Advisory 2023-6202-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.8 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6200-01

Red Hat Security Advisory 2023-6200-01 - The multicluster engine for Kubernetes 2.1.9 General Availability release images, which contains security fixes and update container images. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6200-01

Red Hat Security Advisory 2023-6200-01 - The multicluster engine for Kubernetes 2.1.9 General Availability release images, which contains security fixes and update container images. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6161-01

Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6161-01

Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6161-01

Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6148-01

Red Hat Security Advisory 2023-6148-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.9 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6148-01

Red Hat Security Advisory 2023-6148-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.9 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6145-01

Red Hat Security Advisory 2023-6145-01 - Multicluster Engine for Kubernetes 2.2.9 General Availability release images, which contain security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6145-01

Red Hat Security Advisory 2023-6145-01 - Multicluster Engine for Kubernetes 2.2.9 General Availability release images, which contain security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6085-01

Red Hat Security Advisory 2023-6085-01 - An update is now available for Red Hat Openshift distributed tracing 2.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6085-01

Red Hat Security Advisory 2023-6085-01 - An update is now available for Red Hat Openshift distributed tracing 2.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6085-01

Red Hat Security Advisory 2023-6085-01 - An update is now available for Red Hat Openshift distributed tracing 2.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5895-01

Red Hat Security Advisory 2023-5895-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.

Red Hat Security Advisory 2023-6057-01

Red Hat Security Advisory 2023-6057-01 - An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5982-01

Red Hat Security Advisory 2023-5982-01 - An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5976-01

Red Hat Security Advisory 2023-5976-01 - An update is now available for Service Telemetry Framework 1.5.2. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5974-01

Red Hat Security Advisory 2023-5974-01 - An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5974-01

Red Hat Security Advisory 2023-5974-01 - An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5974-01

Red Hat Security Advisory 2023-5974-01 - An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5969-01

Red Hat Security Advisory 2023-5969-01 - An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5965-01

Red Hat Security Advisory 2023-5965-01 - An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5935-01

Red Hat Security Advisory 2023-5935-01 - An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5835-01

Red Hat Security Advisory 2023-5835-01 - The rhc-worker-script packages provide Remote Host Configuration worker for executing an interpreted programming language script on hosts managed by Red Hat Insights. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5809-01

Red Hat Security Advisory 2023-5809-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Red Hat Security Advisory 2023-5805-01

Red Hat Security Advisory 2023-5805-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a denial of service vulnerability.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-39323: GO-2023-2095 - Go Packages

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

Red Hat Security Advisory 2023-5314-01

Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

CVE-2023-39322: [security] Go 1.21.1 and Go 1.20.8 are released

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.

CVE-2023-39322: [security] Go 1.21.1 and Go 1.20.8 are released

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.

Red Hat Security Advisory 2023-4456-01

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

RHSA-2023:4456: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

RHSA-2023:4335: Red Hat Security Advisory: Security Update for cert-manager Operator for Red Hat OpenShift 1.10.3

cert-manager Operator for Red Hat OpenShift 1.10.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specia...

RHSA-2023:4470: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys ca...

RHSA-2023:4470: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys ca...

Red Hat Security Advisory 2023-4225-01

Red Hat Security Advisory 2023-4225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.6.

CVE-2023-29406: [security] Go 1.20.6 and Go 1.19.11 are released

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

Red Hat Security Advisory 2023-4003-01

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4003-01

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.

RHSA-2023:4003: Red Hat Security Advisory: Red Hat Service Interconnect 1.4 Release security update

This is release 1.4 of the rpms for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the gol...

RHSA-2023:3943: Red Hat Security Advisory: ACS 4.1 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. * CVE...

RHSA-2023:3943: Red Hat Security Advisory: ACS 4.1 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. * CVE...

RHSA-2023:3923: Red Hat Security Advisory: go-toolset and golang security update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go g...

RHSA-2023:3923: Red Hat Security Advisory: go-toolset and golang security update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go g...

RHSA-2023:3923: Red Hat Security Advisory: go-toolset and golang security update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go g...

RHSA-2023:3923: Red Hat Security Advisory: go-toolset and golang security update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go g...

RHSA-2023:3922: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via...

RHSA-2023:3922: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via...

RHSA-2023:3922: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via...

RHSA-2023:3922: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via...

RHSA-2023:3920: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go comma...

RHSA-2023:3920: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go comma...

RHSA-2023:3920: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go comma...

RHSA-2023:3920: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go comma...

RHSA-2023:3624: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...

CVE-2023-29403: [security] Go 1.20.5 and Go 1.19.10 are released

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS [CVE-2023-29405] · Issue #60306 · golang/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.

CVE-2023-29404: cmd/go: improper sanitization of LDFLAGS [CVE-2023-29404] · Issue #60305 · golang/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.

CVE-2023-29403: [security] Go 1.20.5 and Go 1.19.10 are released

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

CVE-2023-29403: [security] Go 1.20.5 and Go 1.19.10 are released

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

CVE-2023-29403: [security] Go 1.20.5 and Go 1.19.10 are released

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

RHSA-2023:3366: Red Hat Security Advisory: OpenShift Container Platform 4.13.2 packages and security update

Red Hat OpenShift Container Platform release 4.13.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms...

RHSA-2023:3455: Red Hat Security Advisory: Release of OpenShift Serverless 1.29.0

OpenShift Serverless version 1.29.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker ...

RHSA-2023:3445: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...

RHSA-2023:3445: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...

RHSA-2023:3445: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...

Red Hat Security Advisory 2023-3305-02

Red Hat Security Advisory 2023-3305-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.

Red Hat Security Advisory 2023-3303-01

Red Hat Security Advisory 2023-3303-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.

RHSA-2023:3303: Red Hat Security Advisory: OpenShift Container Platform 4.13.1 packages and security update

Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a ...

Red Hat Security Advisory 2023-3167-01

Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

RHSA-2023:3167: Red Hat Security Advisory: Red Hat build of Cryostat 2.3.0: new RHEL 8 container images

New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images are now availableThis content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption...

RHSA-2023:3167: Red Hat Security Advisory: Red Hat build of Cryostat 2.3.0: new RHEL 8 container images

New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images are now availableThis content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption...

RHSA-2023:3083: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a den...

RHSA-2023:3083: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a den...

Red Hat Security Advisory 2023-2107-01

Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-2107-01

Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.

RHSA-2023:2107: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...

RHSA-2023:2107: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMul...

Red Hat Security Advisory 2023-1639-01

Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-1639-01

Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

RHSA-2023:1639: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.3 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by a...

RHSA-2023:1639: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.3 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by a...

CVE-2022-41725: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725) · Issue #58006 · golang/go

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files cr...

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution