Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:5415: Red Hat Security Advisory: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update

An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
  • CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-06-28

Updated:

2022-06-28

RHSA-2022:5415 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
  • golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
  • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Update to Go 1.17.10 (BZ#2091072)

Affected Products

  • Red Hat Developer Tools (for RHEL Workstation) 1 x86_64
  • Red Hat Developer Tools (for RHEL Server) 1 x86_64
  • Red Hat Developer Tools (for RHEL Server for System Z) 1 s390x
  • Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1 ppc64le

Fixes

  • BZ - 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
  • BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
  • BZ - 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar

Red Hat Developer Tools (for RHEL Workstation) 1

SRPM

go-toolset-1.17-1.17.10-1.el7_9.src.rpm

SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b

go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm

SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c

x86_64

go-toolset-1.17-1.17.10-1.el7_9.x86_64.rpm

SHA-256: bdeb8c3b3b0bf9cc0d5edfeaaf6932af05ed6ee28a60982527f2b897e3e9a4c6

go-toolset-1.17-build-1.17.10-1.el7_9.x86_64.rpm

SHA-256: e50bfa32e02d9d1f44a45262605bd6ee389a02c94c3867a6bc53eaa8400afcb5

go-toolset-1.17-golang-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 32e8caaa39fd72b75a447964abfd75696075bbe65680a02480ca9ed58b628ab7

go-toolset-1.17-golang-bin-1.17.10-1.el7_9.x86_64.rpm

SHA-256: b933217c6148570aa6833d699f4722fa1f73b6c7ae8a163e2ac00bd672b3400f

go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm

SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9

go-toolset-1.17-golang-misc-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 6bf2abd9541f725f7c4ca571aee3cb71f0e08ae87d4fc66f9971bd54dae6a01a

go-toolset-1.17-golang-race-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 267febeff1f8db3a776cdff35b1b62b52601b8deb29a5e73e801e6b96b326663

go-toolset-1.17-golang-src-1.17.10-1.el7_9.x86_64.rpm

SHA-256: e83c55fe0bbcada427149c852d223c543d2e5bc7b09b6a137d01db2681d75fe6

go-toolset-1.17-golang-tests-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 960ec58a4883a2ee8418f18cfb6c47b3ed95e34a18e682b053b086d95d2d8e47

go-toolset-1.17-runtime-1.17.10-1.el7_9.x86_64.rpm

SHA-256: fee3fd4619e9dbc7c7d4aaf8d501b55a98e48f86cd86b5e0c6e82bd62de44c32

go-toolset-1.17-scldevel-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 467dc0fe4dabe243d4a14c99f9290a69868496216641647002571ed1f877369b

Red Hat Developer Tools (for RHEL Server) 1

SRPM

go-toolset-1.17-1.17.10-1.el7_9.src.rpm

SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b

go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm

SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c

x86_64

go-toolset-1.17-1.17.10-1.el7_9.x86_64.rpm

SHA-256: bdeb8c3b3b0bf9cc0d5edfeaaf6932af05ed6ee28a60982527f2b897e3e9a4c6

go-toolset-1.17-build-1.17.10-1.el7_9.x86_64.rpm

SHA-256: e50bfa32e02d9d1f44a45262605bd6ee389a02c94c3867a6bc53eaa8400afcb5

go-toolset-1.17-golang-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 32e8caaa39fd72b75a447964abfd75696075bbe65680a02480ca9ed58b628ab7

go-toolset-1.17-golang-bin-1.17.10-1.el7_9.x86_64.rpm

SHA-256: b933217c6148570aa6833d699f4722fa1f73b6c7ae8a163e2ac00bd672b3400f

go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm

SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9

go-toolset-1.17-golang-misc-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 6bf2abd9541f725f7c4ca571aee3cb71f0e08ae87d4fc66f9971bd54dae6a01a

go-toolset-1.17-golang-race-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 267febeff1f8db3a776cdff35b1b62b52601b8deb29a5e73e801e6b96b326663

go-toolset-1.17-golang-src-1.17.10-1.el7_9.x86_64.rpm

SHA-256: e83c55fe0bbcada427149c852d223c543d2e5bc7b09b6a137d01db2681d75fe6

go-toolset-1.17-golang-tests-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 960ec58a4883a2ee8418f18cfb6c47b3ed95e34a18e682b053b086d95d2d8e47

go-toolset-1.17-runtime-1.17.10-1.el7_9.x86_64.rpm

SHA-256: fee3fd4619e9dbc7c7d4aaf8d501b55a98e48f86cd86b5e0c6e82bd62de44c32

go-toolset-1.17-scldevel-1.17.10-1.el7_9.x86_64.rpm

SHA-256: 467dc0fe4dabe243d4a14c99f9290a69868496216641647002571ed1f877369b

Red Hat Developer Tools (for RHEL Server for System Z) 1

SRPM

go-toolset-1.17-1.17.10-1.el7_9.src.rpm

SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b

go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm

SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c

s390x

go-toolset-1.17-1.17.10-1.el7_9.s390x.rpm

SHA-256: 52a7cdf2358bbe2813a2459a4a629f21f3a94f7160c11097fb9b9901fee21d63

go-toolset-1.17-build-1.17.10-1.el7_9.s390x.rpm

SHA-256: 8445df332a14fa4ac49994fb6dbd92cb489074eda5592b4ec19d9bff31bb5e74

go-toolset-1.17-golang-1.17.10-1.el7_9.s390x.rpm

SHA-256: 9727df26b9ce05b76ce4c51357b9290e8389d82e45465f30cc5937312c768206

go-toolset-1.17-golang-bin-1.17.10-1.el7_9.s390x.rpm

SHA-256: 7ab8669fefe37a0d23e0021b246d307a24b33962840b8ae0151badaffdffb2de

go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm

SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9

go-toolset-1.17-golang-misc-1.17.10-1.el7_9.s390x.rpm

SHA-256: eac09d25e773d61a18e76d761d17056084cc9e0b2f9a10ca44f9d3fa71bf74a1

go-toolset-1.17-golang-src-1.17.10-1.el7_9.s390x.rpm

SHA-256: 0469e66a503718e2aa769556394d65af4ab9c83d6402d7301d7463a07e3152df

go-toolset-1.17-golang-tests-1.17.10-1.el7_9.s390x.rpm

SHA-256: a2b46f01354dc91ae986544691c5e423306048d0b89238cfbdccb582518792d9

go-toolset-1.17-runtime-1.17.10-1.el7_9.s390x.rpm

SHA-256: f25cafd08b363011a8e1139e7dfb127e6c3aac00b70bac331ab11de6e8e7c952

go-toolset-1.17-scldevel-1.17.10-1.el7_9.s390x.rpm

SHA-256: 495f05f8429cb53ec63c8612dbe843b1ec58570f8317334cdf52812fbbabd914

Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1

SRPM

go-toolset-1.17-1.17.10-1.el7_9.src.rpm

SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b

go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm

SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c

ppc64le

go-toolset-1.17-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: 2aedeec8546216b7eab082e43514f4c1cc0b71e743519101c372db458de47d3b

go-toolset-1.17-build-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: 5d0678ee6f13e427662b75e9f81ae7ed7a2dbbfbb777a1d54c12309c340b65b2

go-toolset-1.17-golang-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: df92d03e2c858295c528d045fb44c83dd698e5ee74fd4e0d907317f4f2e60461

go-toolset-1.17-golang-bin-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: 6c01172a89dd01d2aa4a37ebaf206b1a86e5b7c3efc091fe0efcaa9c19c9495e

go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm

SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9

go-toolset-1.17-golang-misc-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: 88b2e0a0286770e7c776b456b8ecccc10fc4057d9208a92a87d8821f93dcedb2

go-toolset-1.17-golang-src-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: a87bcdfd17600d8a279b856b1269e157bf725ba49af636e219a177ca4f4bf484

go-toolset-1.17-golang-tests-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: 0717f24ac3ec46f13e6068714c52ccead40fbc7a81932d00c388ecf648d03ab5

go-toolset-1.17-runtime-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: 9cf1e9cad0876bde5fed03ecce215dd9ad6502fad5215ddeef63ec1098823e7a

go-toolset-1.17-scldevel-1.17.10-1.el7_9.ppc64le.rpm

SHA-256: 982fb54aae6ad42eec44388c7208ae5e0ef2a91ccb518e7cdf496f04ae2eb4e0

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

RHSA-2023:3914: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issu...

RHSA-2023:3664: Red Hat Security Advisory: OpenShift Jenkins image and Jenkins agent base image security update

Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...

RHSA-2023:3642: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...

Red Hat Security Advisory 2023-1529-01

Red Hat Security Advisory 2023-1529-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Issues addressed include a denial of service vulnerability.

RHSA-2023:1042: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)

Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...

CVE-2022-42950: Couchbase Alerts

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Red Hat Security Advisory 2023-0407-01

Red Hat Security Advisory 2023-0407-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0407: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update

Updated release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: ...

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

RHSA-2022:7058: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6714-01

Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6152-01

Red Hat Security Advisory 2022-6152-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.0.

Red Hat Security Advisory 2022-6277-01

Red Hat Security Advisory 2022-6277-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.

RHSA-2022:6152: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar...

RHSA-2022:6290: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...

Red Hat Security Advisory 2022-6187-01

Red Hat Security Advisory 2022-6187-01 - This is an updated release of the Node Health Check Operator. You can use the Node Health Check Operator to deploy the Node Health Check controller. The controller identifies unhealthy nodes and uses the Self Node Remediation Operator to remediate the unhealthy nodes.

RHSA-2022:6156: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...

RHSA-2022:6155: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement & bugfix update

Updated packages that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

Red Hat Security Advisory 2022-6094-01

Red Hat Security Advisory 2022-6094-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.28.

RHSA-2022:6094: Red Hat Security Advisory: OpenShift Container Platform 4.10.28 packages and security update

Red Hat OpenShift Container Platform release 4.10.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...

Red Hat Security Advisory 2022-6042-01

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-5069-01

Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.

Red Hat Security Advisory 2022-5068-01

Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

RHSA-2022:6040: Red Hat Security Advisory: Release of OpenShift Serverless 1.24.0

Release of OpenShift Serverless 1.24.0 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * C...

RHSA-2022:5069: Red Hat Security Advisory: OpenShift Container Platform 4.11.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...

Red Hat Security Advisory 2022-5875-01

Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.

RHSA-2022:5875: Red Hat Security Advisory: OpenShift Container Platform 4.10.26 security update

Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...

Gentoo Linux Security Advisory 202208-02

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

Red Hat Security Advisory 2022-5840-01

Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2022-5729-01

Red Hat Security Advisory 2022-5729-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25.

Red Hat Security Advisory 2022-5730-01

Red Hat Security Advisory 2022-5730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.25.

RHSA-2022:5840: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

RHSA-2022:5730: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921...

RHSA-2022:5729: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression

RHSA-2022:5337: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

RHSA-2022:5337: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

Red Hat Security Advisory 2022-5006-01

Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-5006-01

Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

RHSA-2022:5006: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update

Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

RHSA-2022:5006: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update

Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

CVE-2022-24921: [security] Go 1.17.8 and Go 1.16.15 are released

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.