RHSA-2022:5775: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
  • CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
  • CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
  • CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal
  • CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
  • CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Red Hat Security Data

Synopsis

Important: go-toolset:rhel8 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
  • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
  • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
  • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
  • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
  • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
  • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
  • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
  • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Clean up dist-git patches (BZ#2110942)
  • Update Go to version 1.17.12 (BZ#2110943)

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
  • BZ - 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
  • BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
  • BZ - 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
  • BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
  • BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
  • BZ - 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
  • BZ - 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
  • BZ - 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

CVEs

  • CVE-2022-1705
  • CVE-2022-1962
  • CVE-2022-28131
  • CVE-2022-30630
  • CVE-2022-30631
  • CVE-2022-30632
  • CVE-2022-30633
  • CVE-2022-30635
  • CVE-2022-32148

Related news

Red Hat Security Advisory 2024-1433-03

Red Hat Security Advisory 2024-1433-03 - Migration Toolkit for Applications 7.0.2 release.

Ubuntu Security Notice USN-6038-2

Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

RHSA-2023:3642: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...

Red Hat Security Advisory 2023-2802-01

Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.

Ubuntu Security Notice USN-6038-1

Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service.

RHSA-2023:1529: Red Hat Security Advisory: Service Telemetry Framework 1.5 security update

An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat....

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

RHSA-2023:1275: Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by rev...

RHSA-2023:1042: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)

Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0542: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update

Red Hat OpenShift Service Mesh 2.3.1 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-3962: kiali: error message spoofing in kiali UI * CVE-2022-27664: golang: ...

Red Hat Security Advisory 2023-0407-01

Red Hat Security Advisory 2023-0407-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

Red Hat Security Advisory 2022-8634-01

Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Red Hat Security Advisory 2022-8098-01

Red Hat Security Advisory 2022-8098-01 - Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.

Red Hat Security Advisory 2022-8057-01

Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

RHSA-2022:8250: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE...

Red Hat Security Advisory 2022-7529-01

Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.

RHSA-2022:7648: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE...

RHSA-2022:7519: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources * CVE-2022-2169...

Red Hat Security Advisory 2022-7129-01

Red Hat Security Advisory 2022-7129-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.

RHSA-2022:7129: Red Hat Security Advisory: git-lfs security and bug fix update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension * CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWA...

Red Hat Security Advisory 2022-7058-01

Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.

RHSA-2022:7058: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

OpenShift sandboxed containers 1.3.1 is now available. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

Red Hat Security Advisory 2022-6560-01

Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

RHSA-2022:6308: Red Hat Security Advisory: OpenShift Container Platform 4.8.49 security update

Red Hat OpenShift Container Platform release 4.8.49 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (is...

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

RHSA-2022:6430: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...

Red Hat Security Advisory 2022-6370-01

Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6183-01

Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.

Red Hat Security Advisory 2022-6345-01

Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6347-01

Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.

Red Hat Security Advisory 2022-6348-01

Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.

Red Hat Security Advisory 2022-6344-01

Red Hat Security Advisory 2022-6344-01 - Logging Subsystem 5.5.1 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.

RHSA-2022:6370: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...

RHSA-2022:6344: Red Hat Security Advisory: Logging Subsystem 5.5.1 Security and Bug Fix Update

Logging Subsystem 5.5.1 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

RHSA-2022:6345: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes

Multicluster Engine v2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzi...

RHSA-2022:6348: Red Hat Security Advisory: Gatekeeper Operator v0.2 security and container updates

Gatekeeper Operator v0.2 security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: gol...

RHSA-2022:6183: Red Hat Security Advisory: Logging Subsystem 5.4.5 Security and Bug Fix Update

Logging Subsystem 5.4.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

RHSA-2022:6346: Red Hat Security Advisory: RHSA: Submariner 0.13 - security and enhancement update

Submariner 0.13 packages that fix security issues and bugs, as well as add various enhancements, are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions...

Red Hat Security Advisory 2022-6152-01

Red Hat Security Advisory 2022-6152-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.0.

Red Hat Security Advisory 2022-6283-01

Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.

RHSA-2022:6152: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar...

RHSA-2022:6283: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.2 Containers security update

Red Hat OpenShift Service Mesh 2.2.2 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635: golang: encoding/gob: stack...

Red Hat Security Advisory 2022-6188-01

Red Hat Security Advisory 2022-6188-01 - This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.

Red Hat Security Advisory 2022-6187-01

Red Hat Security Advisory 2022-6187-01 - This is an updated release of the Node Health Check Operator. You can use the Node Health Check Operator to deploy the Node Health Check controller. The controller identifies unhealthy nodes and uses the Self Node Remediation Operator to remediate the unhealthy nodes.

RHSA-2022:6188: Red Hat Security Advisory: Node Maintenance Operator 4.11.1 security update

An update for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container is now available for Node Maintenance Operator 4.11 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-...

RHSA-2022:6187: Red Hat Security Advisory: Node Health Check Operator 0.3.1 security update

An update for node-healthcheck-operator-bundle-container and node-healthcheck-operator-container is now available for Node Healthcheck Operator 0.3 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30631: golang: compress/gzip: stack exhaust...

RHSA-2022:6184: Red Hat Security Advisory: Self Node Remediation Operator 0.4.1 security update

This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-6103-01

Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.

RHSA-2022:6053: Red Hat Security Advisory: OpenShift Container Platform 4.7.56 security and bug fix update

Red Hat OpenShift Container Platform release 4.7.56 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-6051-01

Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-6113-01

Red Hat Security Advisory 2022-6113-01 - Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler.

RHSA-2022:6113: Red Hat Security Advisory: Red Hat Application Interconnect 1.0 Release (rpms)

Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original...

Red Hat Security Advisory 2022-6061-01

Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6065-01

Red Hat Security Advisory 2022-6065-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.

Red Hat Security Advisory 2022-6062-01

Red Hat Security Advisory 2022-6062-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.

Red Hat Security Advisory 2022-6066-01

Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

RHSA-2022:6066: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6065: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (collectd-libpod-stats) security update

An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6062: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (collectd-libpod-stats) security update

An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6042-01

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

CVE-2022-30631: GO-2022-0524 - Go Packages

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

CVE-2022-28131: [security] Go 1.18.4 and Go 1.17.12 are released

In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.

CVE-2022-30630

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

CVE-2022-30632: path/filepath: stack exhaustion in Glob · Issue #53416 · golang/go

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

CVE-2022-32148

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

CVE-2022-1962

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

CVE-2022-28131: GO-2022-0521 - Go Packages

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

RHSA-2022:6040: Red Hat Security Advisory: Release of OpenShift Serverless 1.24.0

Release of OpenShift Serverless 1.24.0. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * C...

Red Hat Security Advisory 2022-5924-01

Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.

Red Hat Security Advisory 2022-5875-01

Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.

Red Hat Security Advisory 2022-5923-01

Red Hat Security Advisory 2022-5923-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.

RHSA-2022:5875: Red Hat Security Advisory: OpenShift Container Platform 4.10.26 security update

Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...

RHSA-2022:5924: Red Hat Security Advisory: Service Telemetry Framework 1.4 security update

An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:5923: Red Hat Security Advisory: Service Telemetry Framework 1.3 security update

An update is now available for Service Telemetry Framework 1.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Gentoo Linux Security Advisory 202208-02

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

RHSA-2022:5866: Red Hat Security Advisory: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update

An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip:...

RHSA-2022:5799: Red Hat Security Advisory: go-toolset and golang security and bug fix update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion ...