Headline
RHSA-2022:5415: Red Hat Security Advisory: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-06-28
Updated:
2022-06-28
RHSA-2022:5415 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
- golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
- golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
- golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Update to Go 1.17.10 (BZ#2091072)
Affected Products
- Red Hat Developer Tools (for RHEL Workstation) 1 x86_64
- Red Hat Developer Tools (for RHEL Server) 1 x86_64
- Red Hat Developer Tools (for RHEL Server for System Z) 1 s390x
- Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1 ppc64le
Fixes
- BZ - 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
- BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
- BZ - 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
Red Hat Developer Tools (for RHEL Workstation) 1
SRPM
go-toolset-1.17-1.17.10-1.el7_9.src.rpm
SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b
go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm
SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c
x86_64
go-toolset-1.17-1.17.10-1.el7_9.x86_64.rpm
SHA-256: bdeb8c3b3b0bf9cc0d5edfeaaf6932af05ed6ee28a60982527f2b897e3e9a4c6
go-toolset-1.17-build-1.17.10-1.el7_9.x86_64.rpm
SHA-256: e50bfa32e02d9d1f44a45262605bd6ee389a02c94c3867a6bc53eaa8400afcb5
go-toolset-1.17-golang-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 32e8caaa39fd72b75a447964abfd75696075bbe65680a02480ca9ed58b628ab7
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.x86_64.rpm
SHA-256: b933217c6148570aa6833d699f4722fa1f73b6c7ae8a163e2ac00bd672b3400f
go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm
SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 6bf2abd9541f725f7c4ca571aee3cb71f0e08ae87d4fc66f9971bd54dae6a01a
go-toolset-1.17-golang-race-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 267febeff1f8db3a776cdff35b1b62b52601b8deb29a5e73e801e6b96b326663
go-toolset-1.17-golang-src-1.17.10-1.el7_9.x86_64.rpm
SHA-256: e83c55fe0bbcada427149c852d223c543d2e5bc7b09b6a137d01db2681d75fe6
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 960ec58a4883a2ee8418f18cfb6c47b3ed95e34a18e682b053b086d95d2d8e47
go-toolset-1.17-runtime-1.17.10-1.el7_9.x86_64.rpm
SHA-256: fee3fd4619e9dbc7c7d4aaf8d501b55a98e48f86cd86b5e0c6e82bd62de44c32
go-toolset-1.17-scldevel-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 467dc0fe4dabe243d4a14c99f9290a69868496216641647002571ed1f877369b
Red Hat Developer Tools (for RHEL Server) 1
SRPM
go-toolset-1.17-1.17.10-1.el7_9.src.rpm
SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b
go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm
SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c
x86_64
go-toolset-1.17-1.17.10-1.el7_9.x86_64.rpm
SHA-256: bdeb8c3b3b0bf9cc0d5edfeaaf6932af05ed6ee28a60982527f2b897e3e9a4c6
go-toolset-1.17-build-1.17.10-1.el7_9.x86_64.rpm
SHA-256: e50bfa32e02d9d1f44a45262605bd6ee389a02c94c3867a6bc53eaa8400afcb5
go-toolset-1.17-golang-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 32e8caaa39fd72b75a447964abfd75696075bbe65680a02480ca9ed58b628ab7
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.x86_64.rpm
SHA-256: b933217c6148570aa6833d699f4722fa1f73b6c7ae8a163e2ac00bd672b3400f
go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm
SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 6bf2abd9541f725f7c4ca571aee3cb71f0e08ae87d4fc66f9971bd54dae6a01a
go-toolset-1.17-golang-race-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 267febeff1f8db3a776cdff35b1b62b52601b8deb29a5e73e801e6b96b326663
go-toolset-1.17-golang-src-1.17.10-1.el7_9.x86_64.rpm
SHA-256: e83c55fe0bbcada427149c852d223c543d2e5bc7b09b6a137d01db2681d75fe6
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 960ec58a4883a2ee8418f18cfb6c47b3ed95e34a18e682b053b086d95d2d8e47
go-toolset-1.17-runtime-1.17.10-1.el7_9.x86_64.rpm
SHA-256: fee3fd4619e9dbc7c7d4aaf8d501b55a98e48f86cd86b5e0c6e82bd62de44c32
go-toolset-1.17-scldevel-1.17.10-1.el7_9.x86_64.rpm
SHA-256: 467dc0fe4dabe243d4a14c99f9290a69868496216641647002571ed1f877369b
Red Hat Developer Tools (for RHEL Server for System Z) 1
SRPM
go-toolset-1.17-1.17.10-1.el7_9.src.rpm
SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b
go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm
SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c
s390x
go-toolset-1.17-1.17.10-1.el7_9.s390x.rpm
SHA-256: 52a7cdf2358bbe2813a2459a4a629f21f3a94f7160c11097fb9b9901fee21d63
go-toolset-1.17-build-1.17.10-1.el7_9.s390x.rpm
SHA-256: 8445df332a14fa4ac49994fb6dbd92cb489074eda5592b4ec19d9bff31bb5e74
go-toolset-1.17-golang-1.17.10-1.el7_9.s390x.rpm
SHA-256: 9727df26b9ce05b76ce4c51357b9290e8389d82e45465f30cc5937312c768206
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.s390x.rpm
SHA-256: 7ab8669fefe37a0d23e0021b246d307a24b33962840b8ae0151badaffdffb2de
go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm
SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.s390x.rpm
SHA-256: eac09d25e773d61a18e76d761d17056084cc9e0b2f9a10ca44f9d3fa71bf74a1
go-toolset-1.17-golang-src-1.17.10-1.el7_9.s390x.rpm
SHA-256: 0469e66a503718e2aa769556394d65af4ab9c83d6402d7301d7463a07e3152df
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.s390x.rpm
SHA-256: a2b46f01354dc91ae986544691c5e423306048d0b89238cfbdccb582518792d9
go-toolset-1.17-runtime-1.17.10-1.el7_9.s390x.rpm
SHA-256: f25cafd08b363011a8e1139e7dfb127e6c3aac00b70bac331ab11de6e8e7c952
go-toolset-1.17-scldevel-1.17.10-1.el7_9.s390x.rpm
SHA-256: 495f05f8429cb53ec63c8612dbe843b1ec58570f8317334cdf52812fbbabd914
Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1
SRPM
go-toolset-1.17-1.17.10-1.el7_9.src.rpm
SHA-256: 7a44f44e171bb6c26635a65e8b2e02af1e3d39123fac0611cc10e9d2b992a67b
go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm
SHA-256: 7c3ec45dcb3c13c29260a04114394db4dabb352061a214638e8309de64a2629c
ppc64le
go-toolset-1.17-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: 2aedeec8546216b7eab082e43514f4c1cc0b71e743519101c372db458de47d3b
go-toolset-1.17-build-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: 5d0678ee6f13e427662b75e9f81ae7ed7a2dbbfbb777a1d54c12309c340b65b2
go-toolset-1.17-golang-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: df92d03e2c858295c528d045fb44c83dd698e5ee74fd4e0d907317f4f2e60461
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: 6c01172a89dd01d2aa4a37ebaf206b1a86e5b7c3efc091fe0efcaa9c19c9495e
go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm
SHA-256: b80f11db3439a3aa4252092fa45afda59257ba1de7bc11a6985b5b92ffe815f9
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: 88b2e0a0286770e7c776b456b8ecccc10fc4057d9208a92a87d8821f93dcedb2
go-toolset-1.17-golang-src-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: a87bcdfd17600d8a279b856b1269e157bf725ba49af636e219a177ca4f4bf484
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: 0717f24ac3ec46f13e6068714c52ccead40fbc7a81932d00c388ecf648d03ab5
go-toolset-1.17-runtime-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: 9cf1e9cad0876bde5fed03ecce215dd9ad6502fad5215ddeef63ec1098823e7a
go-toolset-1.17-scldevel-1.17.10-1.el7_9.ppc64le.rpm
SHA-256: 982fb54aae6ad42eec44388c7208ae5e0ef2a91ccb518e7cdf496f04ae2eb4e0
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issu...
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...
Red Hat Security Advisory 2023-1529-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Issues addressed include a denial of service vulnerability.
Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.
Red Hat Security Advisory 2023-0407-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Issues addressed include denial of service and out of bounds read vulnerabilities.
Updated release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: ...
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...
Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...
Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6152-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.0.
Red Hat Security Advisory 2022-6277-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.
Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar...
OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...
Red Hat Security Advisory 2022-6187-01 - This is an updated release of the Node Health Check Operator. You can use the Node Health Check Operator to deploy the Node Health Check controller. The controller identifies unhealthy nodes and uses the Self Node Remediation Operator to remediate the unhealthy nodes.
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...
Updated packages that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
Red Hat Security Advisory 2022-6094-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.28.
Red Hat OpenShift Container Platform release 4.10.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...
Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
Release of OpenShift Serverless 1.24.0 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * C...
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...
Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.
Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...
Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.
Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Red Hat Security Advisory 2022-5729-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25.
Red Hat Security Advisory 2022-5730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.25.
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group
Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921...
Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group
Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.
Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.