Headline
RHSA-2023:2780: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update
An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or a panic. After the fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
- CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by a reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
- CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
- CVE-2022-41715: A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size, but in some cases the constant factor can be as high as 40,000, so a relatively small regexp can consume a large amount of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint, and regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
- CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
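The archive/tar flaw (CVE-2022-2879) is easiest to see with an archive whose PAX extended header is far larger than any legitimate one. The Go program below is an added example, not code from this advisory or from the Go project: it hand-assembles a tar stream (constructed input; the file names are placeholders) carrying a single PAX "comment" record of a chosen size and hands it to archive/tar. A 64 KiB record is accepted and the entry that follows it is returned; a 2 MiB record trips the 1 MiB header limit in a fixed Go, where an unfixed reader would buffer the whole record before parsing it. The helpers ustarHeader, paxRecord, pad512 and craftArchive are written for this example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ustarHeader hand-assembles one 512-byte ustar header block. tar.Writer
// refuses to emit a TypeXHeader entry directly, so a crafted archive has to
// be built at the byte level, which is also what a hostile producer would do.
func ustarHeader(name string, typeflag byte, size int) []byte {
	blk := make([]byte, 512)
	copy(blk[0:100], name)
	copy(blk[100:108], "0000644\x00")                  // mode
	copy(blk[108:116], "0000000\x00")                  // uid
	copy(blk[116:124], "0000000\x00")                  // gid
	copy(blk[124:136], fmt.Sprintf("%011o\x00", size)) // size, octal
	copy(blk[136:148], "00000000000\x00")              // mtime
	blk[156] = typeflag
	copy(blk[257:263], "ustar\x00") // magic
	copy(blk[263:265], "00")        // version
	// Checksum: sum of all header bytes with the checksum field counted as
	// eight spaces, stored as six octal digits, NUL, space.
	copy(blk[148:156], "        ")
	sum := 0
	for _, b := range blk {
		sum += int(b)
	}
	copy(blk[148:156], fmt.Sprintf("%06o\x00 ", sum))
	return blk
}

// paxRecord encodes one "<len> <key>=<value>\n" PAX record, where <len>
// counts the whole record including its own digits.
func paxRecord(key, value string) string {
	body := " " + key + "=" + value + "\n"
	size := len(body) + len(strconv.Itoa(len(body)))
	rec := strconv.Itoa(size) + body
	if len(rec) != size { // the length prefix gained a digit
		rec = strconv.Itoa(len(rec)) + body
	}
	return rec
}

// pad512 pads b with NULs to the next 512-byte boundary.
func pad512(b []byte) []byte {
	if rem := len(b) % 512; rem != 0 {
		b = append(b, make([]byte, 512-rem)...)
	}
	return b
}

// craftArchive returns a tar stream (constructed input, not a real package)
// whose first entry is a PAX extended header carrying one "comment" record
// of commentLen bytes, followed by a five-byte regular file.
func craftArchive(commentLen int) []byte {
	rec := paxRecord("comment", strings.Repeat("A", commentLen))
	var buf bytes.Buffer
	buf.Write(ustarHeader("PaxHeaders/hello.txt", tar.TypeXHeader, len(rec)))
	buf.Write(pad512([]byte(rec)))
	buf.Write(ustarHeader("hello.txt", tar.TypeReg, 5))
	buf.Write(pad512([]byte("hello")))
	buf.Write(make([]byte, 1024)) // two zero blocks: end of archive
	return buf.Bytes()
}

// readFirstEntry feeds the stream to archive/tar and returns the first
// entry's name, or the error the reader stopped with.
func readFirstEntry(archive []byte) (string, error) {
	tr := tar.NewReader(bytes.NewReader(archive))
	hdr, err := tr.Next()
	if err != nil {
		return "", err
	}
	return hdr.Name, nil
}

func main() {
	for _, n := range []int{64 << 10, 2 << 20} {
		name, err := readFirstEntry(craftArchive(n))
		switch {
		case err == nil:
			fmt.Printf("%7d-byte PAX comment: accepted, first entry %q\n", n, name)
		case errors.Is(err, tar.ErrFieldTooLong):
			fmt.Printf("%7d-byte PAX comment: rejected by the fixed reader (%v)\n", n, err)
		default:
			fmt.Printf("%7d-byte PAX comment: %v\n", n, err)
		}
	}
}
```

The small archive round-trips cleanly, which confirms the hand-built headers and PAX record are well-formed; only the oversized record is refused, and it is refused before the reader has read past the 1 MiB mark. The same limit applies to GNU long-name and long-link entries, which are read through the same path.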
Synopsis
Moderate: Image Builder security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.
Security Fix(es):
- golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
- golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
- golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
- golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
- golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
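For CVE-2022-2880 the practical question is what a Go reverse proxy hands to its backend when the inbound query contains something net/http refuses to parse. The example below is added here and is not code from this advisory or from the Go project; backend.internal and front.example are placeholder hosts and nothing is connected to. It applies the same kind of filter the fix performs, as an explicit Director step, and shows the forwarded query for a clean request, for a request that uses ';' as a second separator (rejected by Go, but a separator to some backends), and for a request with a malformed %-escape.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// cleanQuery returns raw unchanged when every parameter parses and otherwise
// re-encodes only the parameters net/http accepted. url.ParseQuery reports
// the first error but still returns the well-formed subset, which is what
// makes the filter this short: a pair containing ';' or a broken %-escape is
// dropped rather than forwarded verbatim to a backend that might parse it.
func cleanQuery(raw string) string {
	v, err := url.ParseQuery(raw)
	if err == nil {
		return raw
	}
	return v.Encode()
}

// newSanitizingProxy wraps the stock single-host proxy with a Director that
// runs the outbound query through cleanQuery. On a Go with the fix the
// standard library already does the equivalent once the request form has
// been parsed; on an unpatched Go this closes the smuggling path regardless.
func newSanitizingProxy(target *url.URL) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(target)
	base := p.Director
	p.Director = func(r *http.Request) {
		base(r)
		r.URL.RawQuery = cleanQuery(r.URL.RawQuery)
	}
	return p
}

// forwardedQuery builds an inbound GET for inboundURL, applies the proxy's
// Director exactly as ReverseProxy.ServeHTTP would, and returns the query
// string that would reach target.
func forwardedQuery(target *url.URL, inboundURL string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, inboundURL, nil)
	if err != nil {
		return "", err
	}
	newSanitizingProxy(target).Director(req)
	return req.URL.RawQuery, nil
}

func main() {
	// Hypothetical backend for illustration only.
	target, err := url.Parse("http://backend.internal:8080")
	if err != nil {
		panic(err)
	}
	for _, in := range []string{
		"http://front.example/api?user=alice&page=1",
		"http://front.example/api?user=alice;role=admin&page=1",
		"http://front.example/api?id=%zz&page=1",
	} {
		out, err := forwardedQuery(target, in)
		fmt.Printf("%-56s -> %q %v\n", in, out, err)
	}
}
```

The first request is forwarded untouched. In the second, Go drops the whole "user=alice;role=admin" pair, so the backend never sees a role parameter that the front end never validated; an unfixed proxy without this Director would have forwarded it raw. Whether a given backend would have split on ';' is exactly the ambiguity the CVE exploits, so the safe behaviour is to forward only what the proxy itself could parse.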
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2033192 - weldr-client doesn’t convert --size to bytes before sending it to osbuild-composer
- BZ - 2063126 - [Azure] Suggest to add 68-azure-sriov-nm-unmanaged.rules
- BZ - 2072834 - [Azure][image] Suggest to enable nm-cloud-setup.timer in Azure images
- BZ - 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- BZ - 2132254 - Update Image Builder suite of projects to their latest upstream releases [RHEL-8.8]
- BZ - 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
- BZ - 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- BZ - 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- BZ - 2136503 - osbuild-composer can’t access /var/cache/osbuild-composer/rpmmd on package upgrade from 8.6
- BZ - 2139721 - [cockpit-composer] RHEL 8.8 Tier 0 Localization
- BZ - 2141738 - Image builder fails with Volume group “XXX” has insufficient free space (975 extents): 977 required.
- BZ - 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
- BZ - 2168666 - Rebase to weldr-client v35.9
CVEs
- CVE-2022-2879
- CVE-2022-2880
- CVE-2022-27664
- CVE-2022-41715
- CVE-2022-41717
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
cockpit-composer-45-1.el8_8.src.rpm
SHA-256: f2bd4a227c11da67e47452dbf6d9bc743e0a3cf7fe5a63fac4870ec4515bde7b
osbuild-81-1.el8.src.rpm
SHA-256: e6991f4ee9309fe23e8f4486f3ea733769acb33cb3276cd07b016c9295b0ad75
osbuild-composer-75-1.el8.src.rpm
SHA-256: 461d7604d0556d64370eb6b7bb34c1400affc3de200c1baee596b2d4bf9eedeb
weldr-client-35.9-2.el8.src.rpm
SHA-256: 68707f6c8032d8020d767c35dc4205113efa4921063b44bb8385bf26aeb5ca95
x86_64
cockpit-composer-45-1.el8_8.noarch.rpm
SHA-256: 58b36053f36b90ebc2e9fb47fb05dc88b625cb26e43795926166ef674b74d736
osbuild-81-1.el8.noarch.rpm
SHA-256: 7457728e146b874722b5deb53bb85e700828cc421ffbf33a5b3b8342f36573ea
osbuild-composer-75-1.el8.x86_64.rpm
SHA-256: 870026f684ab2bab6aa7f071558856a21e4af1143c9cfc2529b0ec9e783c0542
osbuild-composer-core-75-1.el8.x86_64.rpm
SHA-256: 9234cf91518c3f0b4dbb2262d517d8266ca10c752f770b755a39cb9693cf19e5
osbuild-composer-core-debuginfo-75-1.el8.x86_64.rpm
SHA-256: 81887f43898059f4e3e376957d44f1e7d1d290573afbd875e1315145295008bb
osbuild-composer-debuginfo-75-1.el8.x86_64.rpm
SHA-256: 8d6c71b05e8d9fa71471e7f1edbe432b2f7dfb0d9bb904ea217c55835e4a7f13
osbuild-composer-debugsource-75-1.el8.x86_64.rpm
SHA-256: 11dc416742e978e1976d60a8236be150c3b81ffc732c59ca7a437b71fd14448c
osbuild-composer-dnf-json-75-1.el8.x86_64.rpm
SHA-256: ef6bf923864e2d46373f5d69e66bcde52eee0828515362b44defddc88b108320
osbuild-composer-tests-debuginfo-75-1.el8.x86_64.rpm
SHA-256: b5dc32b1dc957a7c6fff909a06a22c608e7845d069680d71258d5e4d3dc3b6e8
osbuild-composer-worker-75-1.el8.x86_64.rpm
SHA-256: 278ea25338c485496bf8032a9b4ad33490e8a3e5c323e728785045a354fd9520
osbuild-composer-worker-debuginfo-75-1.el8.x86_64.rpm
SHA-256: f76f33ee5435ff808536ee96b7c500c832069f03e218f5b455ae390865376d9e
osbuild-luks2-81-1.el8.noarch.rpm
SHA-256: e4a464a8c929c4e6660a777fdc734b81b7ed9251d39daabb3138d624b2f09f88
osbuild-lvm2-81-1.el8.noarch.rpm
SHA-256: 895ae9c9f1b6c17f28ce91fddc6b13ed25b846a17f088de76396614809938942
osbuild-ostree-81-1.el8.noarch.rpm
SHA-256: 5cba956596a36beba1a2c7bb19177b81328d84b368fe70644809c366a5f97570
osbuild-selinux-81-1.el8.noarch.rpm
SHA-256: 25ba00f1f7fb7c006df5b2254256e2a3c83e03c744b7d06a792420ae693995a2
python3-osbuild-81-1.el8.noarch.rpm
SHA-256: 6f070e9e8fb76ca747dd1f75af994db362e139e55c588bc3bbf40d7e41352e55
weldr-client-35.9-2.el8.x86_64.rpm
SHA-256: c5c476fbb8dbde112b1016975b7ae5d92c50666be54c862365ae9a1ab829c648
weldr-client-debuginfo-35.9-2.el8.x86_64.rpm
SHA-256: f456cef85ee3e9ab1a8044e0b5b8b5e43de230dafe4bf936c29e285a2563b743
weldr-client-debugsource-35.9-2.el8.x86_64.rpm
SHA-256: 3cc697074c8f805819e2a437289686389abd3aa1ac711908b58ce86c3c38ccb8
weldr-client-tests-debuginfo-35.9-2.el8.x86_64.rpm
SHA-256: 83bc9ed72bf714dc36e9c52af95bde7528880c80539f4d8e3ae9a80c53ff56a9
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
cockpit-composer-45-1.el8_8.src.rpm
SHA-256: f2bd4a227c11da67e47452dbf6d9bc743e0a3cf7fe5a63fac4870ec4515bde7b
osbuild-81-1.el8.src.rpm
SHA-256: e6991f4ee9309fe23e8f4486f3ea733769acb33cb3276cd07b016c9295b0ad75
osbuild-composer-75-1.el8.src.rpm
SHA-256: 461d7604d0556d64370eb6b7bb34c1400affc3de200c1baee596b2d4bf9eedeb
weldr-client-35.9-2.el8.src.rpm
SHA-256: 68707f6c8032d8020d767c35dc4205113efa4921063b44bb8385bf26aeb5ca95
s390x
cockpit-composer-45-1.el8_8.noarch.rpm
SHA-256: 58b36053f36b90ebc2e9fb47fb05dc88b625cb26e43795926166ef674b74d736
osbuild-81-1.el8.noarch.rpm
SHA-256: 7457728e146b874722b5deb53bb85e700828cc421ffbf33a5b3b8342f36573ea
osbuild-composer-75-1.el8.s390x.rpm
SHA-256: e086e2091074051a5ba8f184d92c06b8f9de0ca62a8b774d602caa94c5ba9d0b
osbuild-composer-core-75-1.el8.s390x.rpm
SHA-256: 797df974fbe7012185ceed3898b58e87d192db89467cc3deb19ee46142f30ab1
osbuild-composer-core-debuginfo-75-1.el8.s390x.rpm
SHA-256: 3b9833c0061f0b71b1a9fd1cdcb224bd600b20046bb0481ed8f678eea45a6656
osbuild-composer-debuginfo-75-1.el8.s390x.rpm
SHA-256: 3a222053f94d50f203ff15a7c29a4f6aa0308dba4616496261970564a035060a
osbuild-composer-debugsource-75-1.el8.s390x.rpm
SHA-256: 44dd256435e4824b28450388d0709d3bb8bc1b72db41253eba18559fa08e14c7
osbuild-composer-dnf-json-75-1.el8.s390x.rpm
SHA-256: 717abe9dfb05f8dd5783a08cb0ed3bf96613d9abe916f7cc0e3adde6c2044961
osbuild-composer-tests-debuginfo-75-1.el8.s390x.rpm
SHA-256: f2d1ef982d8b78755ed8f391e720efe1f6fe9d49079b1d0c1c760abb64cf72fe
osbuild-composer-worker-75-1.el8.s390x.rpm
SHA-256: 1b672cfa7d496253071e5063dc87b81edb04178eb0937bac1cb1fa2d6524f597
osbuild-composer-worker-debuginfo-75-1.el8.s390x.rpm
SHA-256: b7ac3908b969037f993a97768cbf08bb3d6de3159902462d70a99379679ab076
osbuild-luks2-81-1.el8.noarch.rpm
SHA-256: e4a464a8c929c4e6660a777fdc734b81b7ed9251d39daabb3138d624b2f09f88
osbuild-lvm2-81-1.el8.noarch.rpm
SHA-256: 895ae9c9f1b6c17f28ce91fddc6b13ed25b846a17f088de76396614809938942
osbuild-ostree-81-1.el8.noarch.rpm
SHA-256: 5cba956596a36beba1a2c7bb19177b81328d84b368fe70644809c366a5f97570
osbuild-selinux-81-1.el8.noarch.rpm
SHA-256: 25ba00f1f7fb7c006df5b2254256e2a3c83e03c744b7d06a792420ae693995a2
python3-osbuild-81-1.el8.noarch.rpm
SHA-256: 6f070e9e8fb76ca747dd1f75af994db362e139e55c588bc3bbf40d7e41352e55
weldr-client-35.9-2.el8.s390x.rpm
SHA-256: 3254db5e9a9753306584edfc6a6ca09d0d87dc75e8b2b4d5d390de47045991df
weldr-client-debuginfo-35.9-2.el8.s390x.rpm
SHA-256: 45977514928901a55860f6325b6613b4d46682990e5b8d2177bc92f0efa71527
weldr-client-debugsource-35.9-2.el8.s390x.rpm
SHA-256: 3fcb9676d70ebc048b42d3a3ea775c0cc82ac3df924867382879d56bf314de82
weldr-client-tests-debuginfo-35.9-2.el8.s390x.rpm
SHA-256: 9bd1ec25d3d294050339db0a0b16387eea3abd7f39850e820ff4fafefa8c0ce9
Red Hat Enterprise Linux for Power, little endian 8
SRPM
cockpit-composer-45-1.el8_8.src.rpm
SHA-256: f2bd4a227c11da67e47452dbf6d9bc743e0a3cf7fe5a63fac4870ec4515bde7b
osbuild-81-1.el8.src.rpm
SHA-256: e6991f4ee9309fe23e8f4486f3ea733769acb33cb3276cd07b016c9295b0ad75
osbuild-composer-75-1.el8.src.rpm
SHA-256: 461d7604d0556d64370eb6b7bb34c1400affc3de200c1baee596b2d4bf9eedeb
weldr-client-35.9-2.el8.src.rpm
SHA-256: 68707f6c8032d8020d767c35dc4205113efa4921063b44bb8385bf26aeb5ca95
ppc64le
cockpit-composer-45-1.el8_8.noarch.rpm
SHA-256: 58b36053f36b90ebc2e9fb47fb05dc88b625cb26e43795926166ef674b74d736
osbuild-81-1.el8.noarch.rpm
SHA-256: 7457728e146b874722b5deb53bb85e700828cc421ffbf33a5b3b8342f36573ea
osbuild-composer-75-1.el8.ppc64le.rpm
SHA-256: 64ed7e3c4d11cf9f23451a9658c6235d2e1fa4a2dd8058556226673d7567ddab
osbuild-composer-core-75-1.el8.ppc64le.rpm
SHA-256: 14ccf45542bd18d2c1419f94692226ec3a774c7591a36d3d9f4cc4a1213866a6
osbuild-composer-core-debuginfo-75-1.el8.ppc64le.rpm
SHA-256: 41339b029537dc927233f3075301197e7038a75ff407c141a7ad635bebe947bc
osbuild-composer-debuginfo-75-1.el8.ppc64le.rpm
SHA-256: 80d25d86b45589e609584945e912d126df280fdcbd6f46c4c5494a60bcd05f03
osbuild-composer-debugsource-75-1.el8.ppc64le.rpm
SHA-256: 7c272011989a6fc3c40c4c725942b03f906721c606fe8e6f198654dd7f37c86c
osbuild-composer-dnf-json-75-1.el8.ppc64le.rpm
SHA-256: 202ce26f436d5127ec97498c53e1e05fbbd78dcc964479d18fd8f64c1a6da089
osbuild-composer-tests-debuginfo-75-1.el8.ppc64le.rpm
SHA-256: ffdfea6f8b73f22472c7bf36c404a4d96043c0b7686a1dd9358849a62f90c04b
osbuild-composer-worker-75-1.el8.ppc64le.rpm
SHA-256: 6a6edf6557ecf990a45c9b83ceb0cfe1c41bd8d4a00e51b5307a1369582103a6
osbuild-composer-worker-debuginfo-75-1.el8.ppc64le.rpm
SHA-256: eb3c9ae023bbbd698651aea27713029f10dc81ace05cd55c2b4c4cd37db4d1cb
osbuild-luks2-81-1.el8.noarch.rpm
SHA-256: e4a464a8c929c4e6660a777fdc734b81b7ed9251d39daabb3138d624b2f09f88
osbuild-lvm2-81-1.el8.noarch.rpm
SHA-256: 895ae9c9f1b6c17f28ce91fddc6b13ed25b846a17f088de76396614809938942
osbuild-ostree-81-1.el8.noarch.rpm
SHA-256: 5cba956596a36beba1a2c7bb19177b81328d84b368fe70644809c366a5f97570
osbuild-selinux-81-1.el8.noarch.rpm
SHA-256: 25ba00f1f7fb7c006df5b2254256e2a3c83e03c744b7d06a792420ae693995a2
python3-osbuild-81-1.el8.noarch.rpm
SHA-256: 6f070e9e8fb76ca747dd1f75af994db362e139e55c588bc3bbf40d7e41352e55
weldr-client-35.9-2.el8.ppc64le.rpm
SHA-256: 8f3f1ba200f7b0e7f51cf25d8ff9f898ad1fa63a63c0a0c8988f7dda56e711a8
weldr-client-debuginfo-35.9-2.el8.ppc64le.rpm
SHA-256: 2771203e295f5383050de05b1620d4fe32e7839077aa4626bb35669f51c11794
weldr-client-debugsource-35.9-2.el8.ppc64le.rpm
SHA-256: cd5f89caa88d60c05eb0e93ad040fa2c4a5c88ed37c4ffd9210e9d290f060cd9
weldr-client-tests-debuginfo-35.9-2.el8.ppc64le.rpm
SHA-256: abb62cd785c98767ee0207ae5e44e3b1364df818b5f2a968e62a9c1734b60603
Red Hat Enterprise Linux for ARM 64 8
SRPM
cockpit-composer-45-1.el8_8.src.rpm
SHA-256: f2bd4a227c11da67e47452dbf6d9bc743e0a3cf7fe5a63fac4870ec4515bde7b
osbuild-81-1.el8.src.rpm
SHA-256: e6991f4ee9309fe23e8f4486f3ea733769acb33cb3276cd07b016c9295b0ad75
osbuild-composer-75-1.el8.src.rpm
SHA-256: 461d7604d0556d64370eb6b7bb34c1400affc3de200c1baee596b2d4bf9eedeb
weldr-client-35.9-2.el8.src.rpm
SHA-256: 68707f6c8032d8020d767c35dc4205113efa4921063b44bb8385bf26aeb5ca95
aarch64
cockpit-composer-45-1.el8_8.noarch.rpm
SHA-256: 58b36053f36b90ebc2e9fb47fb05dc88b625cb26e43795926166ef674b74d736
osbuild-81-1.el8.noarch.rpm
SHA-256: 7457728e146b874722b5deb53bb85e700828cc421ffbf33a5b3b8342f36573ea
osbuild-composer-75-1.el8.aarch64.rpm
SHA-256: 10bf0cea342944f39d30499ac0523d48e1fe0e6d97e6f65b935fa8083fa21556
osbuild-composer-core-75-1.el8.aarch64.rpm
SHA-256: 15bc5c793a8c94b309b04566fb1bb5e1139a707f228e5fda35fdeb0c0130fd6c
osbuild-composer-core-debuginfo-75-1.el8.aarch64.rpm
SHA-256: 59f3f12cc3da1c9587b4ddffea7d70f429b46df5bc328b6f7b0ff16a7a331fa9
osbuild-composer-debuginfo-75-1.el8.aarch64.rpm
SHA-256: 43563534c2e8ad33ed04bbc021a79be8b8f4a93c19ed952a0092fa377bda34b2
osbuild-composer-debugsource-75-1.el8.aarch64.rpm
SHA-256: e25366895f011661c994343417fc83f8981dbdbd236de06ed01e5d967dae9a12
osbuild-composer-dnf-json-75-1.el8.aarch64.rpm
SHA-256: 4bedbf25060295d36eac2ce4beeacfb89cf3d25a608bb9a2a12c0e54f7adb7ff
osbuild-composer-tests-debuginfo-75-1.el8.aarch64.rpm
SHA-256: 7f765eccb93aac2107b7122c1c6a1da1105124aa7daaa14fe10bcf5d89c6fe87
osbuild-composer-worker-75-1.el8.aarch64.rpm
SHA-256: b6889c7c0df1eff52ce79196ad10fa10e740bdc1245710901d21bcc157c36a25
osbuild-composer-worker-debuginfo-75-1.el8.aarch64.rpm
SHA-256: ab0bf028f59a5f888c2c9354ef6c326f8217237d3533793f4fc59b5aaa24731f
osbuild-luks2-81-1.el8.noarch.rpm
SHA-256: e4a464a8c929c4e6660a777fdc734b81b7ed9251d39daabb3138d624b2f09f88
osbuild-lvm2-81-1.el8.noarch.rpm
SHA-256: 895ae9c9f1b6c17f28ce91fddc6b13ed25b846a17f088de76396614809938942
osbuild-ostree-81-1.el8.noarch.rpm
SHA-256: 5cba956596a36beba1a2c7bb19177b81328d84b368fe70644809c366a5f97570
osbuild-selinux-81-1.el8.noarch.rpm
SHA-256: 25ba00f1f7fb7c006df5b2254256e2a3c83e03c744b7d06a792420ae693995a2
python3-osbuild-81-1.el8.noarch.rpm
SHA-256: 6f070e9e8fb76ca747dd1f75af994db362e139e55c588bc3bbf40d7e41352e55
weldr-client-35.9-2.el8.aarch64.rpm
SHA-256: 8d3b6ea13c957f50926c5b58f2e20af30775893a262c030702d2841a2c38244c
weldr-client-debuginfo-35.9-2.el8.aarch64.rpm
SHA-256: c9f6817db36ac379f842ed1a98907230d1868c1e833cb11a3032481ca4ebac76
weldr-client-debugsource-35.9-2.el8.aarch64.rpm
SHA-256: 535c1d25592e88a23ef448b8854b7d6f131d3c313f99458b8d959f20400a8bb6
weldr-client-tests-debuginfo-35.9-2.el8.aarch64.rpm
SHA-256: dfbb8813332b7e312b573aa5ee96789269f4d69f04fe4feea7928b6c619b5e0f
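The SHA-256 values listed above are what a mirrored or manually downloaded RPM should hash to. The Go program below is an added example and not Red Hat tooling: it parses a listing in exactly the layout used above (a file-name line followed by its SHA-256 line, with section labels such as x86_64 or SRPM carrying no digest) and checks whichever of those files are present in a directory. The program name verifyrpms and the flag layout are this example's own.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// parseListing reads a package table in the page's layout: a "<file>.rpm"
// line followed by a "SHA-256: <hex>" line. Lines that end in neither are
// section labels and are skipped. Result: file name to lowercase hex digest.
func parseListing(text string) map[string]string {
	want := make(map[string]string)
	pending := ""
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case strings.HasPrefix(line, "SHA-256:") && pending != "":
			digest := strings.TrimSpace(strings.TrimPrefix(line, "SHA-256:"))
			want[pending] = strings.ToLower(digest)
			pending = ""
		case strings.HasSuffix(line, ".rpm"):
			pending = line
		}
	}
	return want
}

// fileSHA256 streams path through SHA-256 and returns the hex digest.
func fileSHA256(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// verifyDir hashes every listed file that exists in dir and splits the names
// into those whose digest matches the listing and those whose digest does
// not. Files absent from dir are skipped so a partial mirror can be checked.
// Names with path separators are ignored: the listing is trusted input, but
// refusing traversal is cheap.
func verifyDir(want map[string]string, dir string) (ok, bad []string, err error) {
	for name, expect := range want {
		if filepath.Base(name) != name {
			continue
		}
		path := filepath.Join(dir, name)
		if _, statErr := os.Stat(path); statErr != nil {
			continue
		}
		got, hashErr := fileSHA256(path)
		if hashErr != nil {
			return nil, nil, hashErr
		}
		if got == expect {
			ok = append(ok, name)
		} else {
			bad = append(bad, name)
		}
	}
	sort.Strings(ok)
	sort.Strings(bad)
	return ok, bad, nil
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: verifyrpms <listing.txt> <dir-with-rpms>")
		os.Exit(2)
	}
	text, err := os.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	ok, bad, err := verifyDir(parseListing(string(text)), os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, n := range ok {
		fmt.Println("OK      ", n)
	}
	for _, n := range bad {
		fmt.Println("MISMATCH", n)
	}
	if len(bad) > 0 {
		os.Exit(1)
	}
}
```

A matching digest shows the file is byte-for-byte the one published with this advisory; it does not by itself establish who published it. The authenticity check on an RPM remains the package signature (rpmkeys --checksig against the imported Red Hat release key), and both checks belong in a mirror pipeline before the packages are exposed to clients.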
Related news
Gentoo Linux Security Advisory 202409-29 - Multiple vulnerabilities have been discovered in Docker, the worst of which could result in denial of service. Versions greater than or equal to 25.0.4 are affected.
Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
Red Hat Security Advisory 2023-4090-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5.
Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.
Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...
Red Hat build of MicroShift release 4.13.0 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat build of MicroShift 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP head...
Red Hat OpenShift Virtualization release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown. * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language pack...
An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy saniti...
Red Hat Security Advisory 2023-2283-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Red Hat Security Advisory 2023-2367-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.
An update for golang-github-cpuguy83-md2man is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41715: A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small...
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by r...
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by r...
An update for butane is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown. * CVE-2022-32189: An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode an...
An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat....
Red Hat Security Advisory 2023-0931-01 - Update information for Logging Subsystem 5.4.12 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...
Logging Subsystem 5.6.3 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&...
Red Hat Security Advisory 2023-1042-01 - Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.
Red Hat Security Advisory 2023-1079-01 - An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train).
Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...
An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to c...
Red Hat Security Advisory 2023-0727-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.3.
Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.
Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Release of OpenShift Serverless 1.27.0. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query para...
Submariner 0.14 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...
Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.
Red Hat OpenShift Service Mesh 2.3.1 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-3962: kiali: error message spoofing in kiali UI * CVE-2022-27664: golang: ...
Red Hat Security Advisory 2023-0264-01 - An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7398-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: go-yaml: Denial of Service in go-yaml * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-2995: cri-o: incorrect handlin...
Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Red Hat Security Advisory 2022-7129-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.
Gentoo Linux Security Advisory 202209-26 - Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. Versions less than 1.18.6 are affected.
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.