Headline
RHSA-2022:5799: Red Hat Security Advisory: go-toolset and golang security and bug fix update
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
- CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
- CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
- CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
- CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
- CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
- CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal
- CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
- CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Synopsis
Important: go-toolset and golang security and bug fix update
Type/Severity
Security Advisory: Important
Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The golang packages provide the Go programming language compiler.
Security Fix(es):
- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
- golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
- golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
- golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
- golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
- golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
- golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
- golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
- golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Clean up dist-git patches (BZ#2109174)
- Update Go to version 1.17.12 (BZ#2109183)
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- BZ - 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- BZ - 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- BZ - 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- BZ - 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- BZ - 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
Updated packages
SRPM (all affected products)
- go-toolset-1.17.12-1.el9_0.src.rpm
- golang-1.17.12-1.el9_0.src.rpm
noarch (all affected products)
- golang-docs-1.17.12-1.el9_0.noarch.rpm
- golang-misc-1.17.12-1.el9_0.noarch.rpm
- golang-src-1.17.12-1.el9_0.noarch.rpm
- golang-tests-1.17.12-1.el9_0.noarch.rpm
x86_64 (Red Hat Enterprise Linux for x86_64 9; Extended Update Support 9.0; Update Services for SAP Solutions 9.0)
- go-toolset-1.17.12-1.el9_0.x86_64.rpm
- golang-1.17.12-1.el9_0.x86_64.rpm
- golang-bin-1.17.12-1.el9_0.x86_64.rpm
- golang-race-1.17.12-1.el9_0.x86_64.rpm
s390x (Red Hat Enterprise Linux for IBM z Systems 9; Extended Update Support 9.0; Server for IBM z Systems - 4 years of updates 9.0)
- go-toolset-1.17.12-1.el9_0.s390x.rpm
- golang-1.17.12-1.el9_0.s390x.rpm
- golang-bin-1.17.12-1.el9_0.s390x.rpm
ppc64le (Red Hat Enterprise Linux for Power, little endian 9; Extended Update Support 9.0; Server for Power LE - Update Services for SAP Solutions 9.0)
- go-toolset-1.17.12-1.el9_0.ppc64le.rpm
- golang-1.17.12-1.el9_0.ppc64le.rpm
- golang-bin-1.17.12-1.el9_0.ppc64le.rpm
aarch64 (Red Hat Enterprise Linux for ARM 64 9; Extended Update Support 9.0; Server for ARM 64 - 4 years of updates 9.0)
- go-toolset-1.17.12-1.el9_0.aarch64.rpm
- golang-1.17.12-1.el9_0.aarch64.rpm
- golang-bin-1.17.12-1.el9_0.aarch64.rpm
Related news
Red Hat Security Advisory 2024-1433-03 - Migration Toolkit for Applications 7.0.2 release.
Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by r...
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...
Red Hat Security Advisory 2023-1275-01 - An update for etcd is now available for Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1042-01 - Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.
The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...
Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.
Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Updated release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: ...
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: go-yaml: Denial of Service in go-yaml * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-2995: cri-o: incorrect handlin...
The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...
Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Red Hat Security Advisory 2022-8250-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources * CVE-2022-216...
Red Hat Security Advisory 2022-7648-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE...
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources * CVE-2022-2169...
An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension * CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWA...
Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...
Red Hat Security Advisory 2022-6308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release. Space precludes documenting all of the container images in this advisory. Issues addressed include bypass and code execution vulnerabilities.
Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...
Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.
Red Hat Security Advisory 2022-6344-01 - Logging Subsystem 5.5.1 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...
Logging Subsystem 5.5.1 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Multicluster Engine v2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzi...
VolSync v0.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack e...
Gatekeeper Operator v0.2 security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: gol...
Submariner 0.13 packages that fix security issues and bugs, as well as add various enhancements, are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions...
Red Hat Security Advisory 2022-6152-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.0.
Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.
Red Hat OpenShift Service Mesh 2.2.2 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635: golang: encoding/gob: stack...
Red Hat Security Advisory 2022-6188-01 - This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.
Red Hat Security Advisory 2022-6187-01 - This is an updated release of the Node Health Check Operator. You can use the Node Health Check Operator to deploy the Node Health Check controller. The controller identifies unhealthy nodes and uses the Self Node Remediation Operator to remediate the unhealthy nodes.
An update for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container is now available for Node Maintenance Operator 4.11 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-...
An update for node-healthcheck-operator-bundle-container and node-healthcheck-operator-container is now available for Node Healthcheck Operator 0.3 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30631: golang: compress/gzip: stack exhaust...
This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.
Red Hat OpenShift Container Platform release 4.7.56 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-6113-01 - Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler.
Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original...
Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6065-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.
Red Hat Security Advisory 2022-6062-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.
Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.
An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
Release of OpenShift Serverless 1.24.0. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * C...
Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.
Red Hat Security Advisory 2022-5923-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...
An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
An update is now available for Service Telemetry Framework 1.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.
An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip:...
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhau...
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhau...
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhau...
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhau...