Headline
RHSA-2022:5775: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
- CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
- CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
- CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
- CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
- CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
- CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal
- CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
- CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Synopsis
Important: go-toolset:rhel8 security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
- golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
- golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
- golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
- golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
- golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
- golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
- golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
- golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Clean up dist-git patches (BZ#2110942)
- Update Go to version 1.17.12 (BZ#2110943)
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- BZ - 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- BZ - 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- BZ - 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- BZ - 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- BZ - 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
CVEs
- CVE-2022-1705
- CVE-2022-1962
- CVE-2022-28131
- CVE-2022-30630
- CVE-2022-30631
- CVE-2022-30632
- CVE-2022-30633
- CVE-2022-30635
- CVE-2022-32148
Red Hat Enterprise Linux for x86_64 8
SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm
SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
x86_64
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 6939d664fcf3e83971f080330eaf96197f7f049486cd9ee979eb452ea257d2f1
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: bcf7c0c15543631989c17186f1a9106d2f501d09ce6a91e784e176b7efcf19ca
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 1fe06eaac3190c4690f8f276bddd9c302fb54e2841b244a0227329ebdf377909
golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 0cfd2bf77c2a3ec5e5d1e109919f396ac8e670ec380d0a7c5f7f7970c14a3efd
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm
SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
x86_64
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 6939d664fcf3e83971f080330eaf96197f7f049486cd9ee979eb452ea257d2f1
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: bcf7c0c15543631989c17186f1a9106d2f501d09ce6a91e784e176b7efcf19ca
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 1fe06eaac3190c4690f8f276bddd9c302fb54e2841b244a0227329ebdf377909
golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 0cfd2bf77c2a3ec5e5d1e109919f396ac8e670ec380d0a7c5f7f7970c14a3efd
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm
SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
x86_64
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 6939d664fcf3e83971f080330eaf96197f7f049486cd9ee979eb452ea257d2f1
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: bcf7c0c15543631989c17186f1a9106d2f501d09ce6a91e784e176b7efcf19ca
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 1fe06eaac3190c4690f8f276bddd9c302fb54e2841b244a0227329ebdf377909
golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 0cfd2bf77c2a3ec5e5d1e109919f396ac8e670ec380d0a7c5f7f7970c14a3efd
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
s390x
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm
SHA-256: 60c95ccaddf5430d506a71d2eac07b0d7548b01b2cb05029093427dff43f7576
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm
SHA-256: 137615b3a8aa32257a70bb0a732274ac194197b861aa83cf3ef005f847aa554e
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm
SHA-256: 256001597179e729e695a1954cfdcd1ac279c057eb44fe780969e9bfe325bdd7
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
s390x
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm
SHA-256: 60c95ccaddf5430d506a71d2eac07b0d7548b01b2cb05029093427dff43f7576
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm
SHA-256: 137615b3a8aa32257a70bb0a732274ac194197b861aa83cf3ef005f847aa554e
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm
SHA-256: 256001597179e729e695a1954cfdcd1ac279c057eb44fe780969e9bfe325bdd7
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
Red Hat Enterprise Linux for Power, little endian 8
SRPM
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
ppc64le
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: 645697d71ce42ad809ce0d1f3332a778c034ab4f49ef137ba7683bb48f22eb54
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: e74eb431a963ad7b7330ae3a7efb979e4b11bf289b8bf115d070d962af7efad1
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: ee488f4f58d8a1e97315e5fc29ac0c22d6fa5ebdbf6a6809fc944dd74983d069
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
ppc64le
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: 645697d71ce42ad809ce0d1f3332a778c034ab4f49ef137ba7683bb48f22eb54
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: e74eb431a963ad7b7330ae3a7efb979e4b11bf289b8bf115d070d962af7efad1
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: ee488f4f58d8a1e97315e5fc29ac0c22d6fa5ebdbf6a6809fc944dd74983d069
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm
SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
x86_64
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 6939d664fcf3e83971f080330eaf96197f7f049486cd9ee979eb452ea257d2f1
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: bcf7c0c15543631989c17186f1a9106d2f501d09ce6a91e784e176b7efcf19ca
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 1fe06eaac3190c4690f8f276bddd9c302fb54e2841b244a0227329ebdf377909
golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 0cfd2bf77c2a3ec5e5d1e109919f396ac8e670ec380d0a7c5f7f7970c14a3efd
Red Hat Enterprise Linux for ARM 64 8
SRPM
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
aarch64
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm
SHA-256: 349145d2431cff71e5a6c5341937f08a79de16a9f0b906c7b19ec3d862a668f8
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm
SHA-256: bf8111cb74b3a77377e30e9ceee12197e0e81776805925e216c85afd340dfe6a
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm
SHA-256: f131d1fb0f577383a691229635666dcfbd9627ffe264768ba9b29fc8ffea8297
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
aarch64
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm
SHA-256: 349145d2431cff71e5a6c5341937f08a79de16a9f0b906c7b19ec3d862a668f8
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm
SHA-256: bf8111cb74b3a77377e30e9ceee12197e0e81776805925e216c85afd340dfe6a
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm
SHA-256: f131d1fb0f577383a691229635666dcfbd9627ffe264768ba9b29fc8ffea8297
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
ppc64le
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: 645697d71ce42ad809ce0d1f3332a778c034ab4f49ef137ba7683bb48f22eb54
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: e74eb431a963ad7b7330ae3a7efb979e4b11bf289b8bf115d070d962af7efad1
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm
SHA-256: ee488f4f58d8a1e97315e5fc29ac0c22d6fa5ebdbf6a6809fc944dd74983d069
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm
SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: c516dc0951e89d9d840a5b935e2a3d9d4030bf21d2355168eb19d1e35119e2f7
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm
SHA-256: 7ffbcecee195d9af61a33090d909a35f67a7901faed617ff1fff2bc7f638cc5f
x86_64
golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: ae4eb7d051244a5c0ce9e87f4dedb66cc267b197c66d3b07b264462971901b66
golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: 1b3bc297baadb6d63897ab72879cf2e4413cddbcb23b08abcb48ef11b13ed345
golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: aee1cc08540864a8633b832b6d144f7e5dc0eca1940c4efe6e77d0a4e8eb9686
golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm
SHA-256: a12ca9bf99adae6f316c76be587e125b3f639aac95ae6afb66c6464e7c2f0b52
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm
SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 6939d664fcf3e83971f080330eaf96197f7f049486cd9ee979eb452ea257d2f1
golang-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: bcf7c0c15543631989c17186f1a9106d2f501d09ce6a91e784e176b7efcf19ca
golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 1fe06eaac3190c4690f8f276bddd9c302fb54e2841b244a0227329ebdf377909
golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm
SHA-256: 0cfd2bf77c2a3ec5e5d1e109919f396ac8e670ec380d0a7c5f7f7970c14a3efd
Related news
Red Hat Security Advisory 2024-1433-03 - Migration Toolkit for Applications 7.0.2 release.
Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...
Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.
Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service.
An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat....
The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...
An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by rev...
Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...
Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Service Mesh 2.3.1 Containers Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-3962: kiali: error message spoofing in kiali UI * CVE-2022-27664: golang: ...
Red Hat Security Advisory 2023-0407-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...
The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...
Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Red Hat Security Advisory 2022-8098-01 - Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.
Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE...
Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.
An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE...
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources * CVE-2022-2169...
Red Hat Security Advisory 2022-7129-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.
An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension * CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWA...
Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...
Red Hat OpenShift Container Platform release 4.8.49 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (is...
Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...
Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issue addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.
Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.
Red Hat Security Advisory 2022-6344-01 - Logging Subsystem 5.5.1 for Red Hat OpenShift has been released. Issue addressed include a stack exhaustion vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...
Logging Subsystem 5.5.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Multicluster Engine v2.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzi...
Gatekeeper Operator v0.2 security updates Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: gol...
Logging Subsystem 5.4.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Submariner 0.13 packages that fix security issues and bugs, as well as adds various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions...
Red Hat Security Advisory 2022-6152-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.0.
Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.
Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar...
Red Hat OpenShift Service Mesh 2.2.2 Containers Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635: golang: encoding/gob: stack...
Red Hat Security Advisory 2022-6188-01 - This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.
Red Hat Security Advisory 2022-6187-01 - This is an updated release of the Node Health Check Operator. You can use the Node Health Check Operator to deploy the Node Health Check controller. The controller identifies unhealthy nodes and uses the Self Node Remediation Operator to remediate the unhealthy nodes.
An update for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container is now available for Node Maintenance Operator 4.11 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-...
An update for node-healthcheck-operator-bundle-container and node-healthcheck-operator-container is now available for Node Healthcheck Operator 0.3 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30631: golang: compress/gzip: stack exhaust...
This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.
Red Hat OpenShift Container Platform release 4.7.56 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-6113-01 - Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler.
Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original...
Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6065-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.
Red Hat Security Advisory 2022-6062-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.
Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.
An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
Release of OpenShift Serverless 1.24.0 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * C...
Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.
Red Hat Security Advisory 2022-5923-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...
An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
An update is now available for Service Telemetry Framework 1.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.
An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip:...
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion ...