RHSA-2022:5337: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-29526: golang: syscall: faccessat checks wrong group
Red Hat Security Data

Synopsis

Moderate: go-toolset:rhel8 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
  • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
  • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Update to Go 1.17.10 (BZ#2091077)

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
  • BZ - 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
  • BZ - 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group

Red Hat Enterprise Linux for x86_64 8

SRPM

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

x86_64

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-race-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

x86_64

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-race-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

x86_64

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-race-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

s390x

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.s390x.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.s390x.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.s390x.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

s390x

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.s390x.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.s390x.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

ppc64le

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

ppc64le

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

x86_64

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-race-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

aarch64

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.aarch64.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.aarch64.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.aarch64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

aarch64

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.aarch64.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.aarch64.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

ppc64le

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.src.rpm

x86_64

delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm

go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-race-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm

golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm

Related news

Ubuntu Security Notice USN-6038-2

Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

CVE-2022-36777: Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

Red Hat Security Advisory 2023-3914-01

Red Hat Security Advisory 2023-3914-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.44.

Red Hat Security Advisory 2023-3642-01

Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.

RHSA-2023:3642: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...

Ubuntu Security Notice USN-6038-1

Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

RHSA-2023:1529: Red Hat Security Advisory: Service Telemetry Framework 1.5 security update

An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat....

RHSA-2023:1042: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)

Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...

CVE-2022-42950: Couchbase Alerts

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...

CVE-2022-41296: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

Red Hat Security Advisory 2022-7058-01

Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6714-01

Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

RHSA-2022:6430: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...

Red Hat Security Advisory 2022-6152-01

Red Hat Security Advisory 2022-6152-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.0.

Red Hat Security Advisory 2022-6277-01

Red Hat Security Advisory 2022-6277-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.

RHSA-2022:6152: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar...

RHSA-2022:6290: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...

Red Hat Security Advisory 2022-6155-01

Red Hat Security Advisory 2022-6155-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2022:6187: Red Hat Security Advisory: Node Health Check Operator 0.3.1 security update

An update for node-healthcheck-operator-bundle-container and node-healthcheck-operator-container is now available for Node Healthcheck Operator 0.3 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30631: golang: compress/gzip: stack exhaust...

RHSA-2022:6156: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...

RHSA-2022:6155: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement & bugfix update

Updated packages that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

Red Hat Security Advisory 2022-6094-01

Red Hat Security Advisory 2022-6094-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.28.

RHSA-2022:6094: Red Hat Security Advisory: OpenShift Container Platform 4.10.28 packages and security update

Red Hat OpenShift Container Platform release 4.10.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6042-01

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-5069-01

Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.

Red Hat Security Advisory 2022-5068-01

Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

RHSA-2022:5069: Red Hat Security Advisory: OpenShift Container Platform 4.11.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...

Red Hat Security Advisory 2022-5875-01

Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.

RHSA-2022:5875: Red Hat Security Advisory: OpenShift Container Platform 4.10.26 security update

Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...

Gentoo Linux Security Advisory 202208-02

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

Red Hat Security Advisory 2022-5840-01

Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2022-5729-01

Red Hat Security Advisory 2022-5729-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25.

Red Hat Security Advisory 2022-5730-01

Red Hat Security Advisory 2022-5730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.25.

RHSA-2022:5840: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

RHSA-2022:5730: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921...

RHSA-2022:5729: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression

RHSA-2022:5699: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.0.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-29526: golang: syscall: faccessat checks wrong group

RHSA-2022:5415: Red Hat Security Advisory: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update

An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

Red Hat Security Advisory 2022-5392-01

Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.

RHSA-2022:5392: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...

Red Hat Security Advisory 2022-5201-01

Red Hat Security Advisory 2022-5201-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.5 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which apply security fixes and fix several bugs. Issues addressed include a traversal vulnerability.

RHSA-2022:5201: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sand...

CVE-2022-29526: golang-announce - Google Groups

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Red Hat Security Advisory 2022-5006-01

Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

RHSA-2022:5006: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update

Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

CVE-2021-21285: Docker Engine release notes

In Docker before versions 19.03.15 and 20.10.3, there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.