Lucene search
GoogleOSV:ALSA-2024:2160HistoryApr 30, 2024 - 12:00 a.m.
Moderate: toolbox security update
2024-04-3000:00:00
Google
osv.dev
6
toolbox
security update
linux
podman
containerized environments
golang
cve-2023-39318
cve-2023-39319
cve-2023-39326
resource consumption
http requests
almalinux
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.
Security Fix(es):
- golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
- golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
- golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
Related
redhat
redhat
(RHSA-2024:2160) Moderate: toolbox security update
2024-04-30 06:14:54
(RHSA-2024:0694) Moderate: Logging Subsystem 5.7.11 - Red Hat OpenShift
2024-02-07 18:43:19
(RHSA-2024:1244) Moderate: rhc-worker-script security update
2024-03-11 15:52:47
nessus
nessus
RHEL 9 : toolbox (RHSA-2024:2160)
2024-04-30 00:00:00
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-367)
2023-10-03 00:00:00
almalinux
almalinux
Moderate: toolbox security update
2024-04-30 00:00:00
Moderate: buildah security update
2023-12-12 00:00:00
Moderate: podman security update
2023-12-12 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3700-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3840-1)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-6574-1)
2024-01-12 00:00:00
ibm
ibm
ubuntu
ubuntu
Go vulnerabilities
2024-01-11 00:00:00
osv
osv
Go vulnerabilities
2024-01-11 05:30:24
BIT-golang-2023-39326
2024-03-06 10:53:23
Improper handling of special tags within script contexts in html/template
2023-09-07 16:11:59
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0108
2023-10-05 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0665
2023-10-10 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0484
2023-10-05 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-09-06 00:00:00
oraclelinux
oraclelinux
podman security update
2023-12-14 00:00:00
olcne security update
2024-04-02 00:00:00
conmon security update
2024-03-01 00:00:00
alpinelinux
alpinelinux
cgr
cgr
CVE-2023-39326 vulnerabilities
2024-05-19 03:07:16
CVE-2023-39318 vulnerabilities
2024-05-19 03:07:16
CVE-2023-39319 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
amazon
amazon
Medium: cni-plugins
2024-05-09 19:16:00
Important: golang
2023-10-16 13:45:00
cve
cve
cbl_mariner
cbl_mariner
CVE-2023-39326 affecting package golang for versions less than 1.21.6-1
2024-05-20 09:07:23
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
2024-05-20 09:07:17
CVE-2023-39319 affecting package golang for versions less than 1.20.10-1
2024-05-20 09:07:23
redhatcve
redhatcve
ubuntucve
ubuntucve
veracode
veracode
Cross-Site Scripting (XSS)
2023-10-02 20:15:16
Cross-Site Scripting (XSS)
2023-10-03 07:01:30
Denial Of Service (DoS)
2023-12-12 07:10:29
wolfi
wolfi
CVE-2023-39326 vulnerabilities
2024-05-20 09:07:17
CVE-2023-39318 vulnerabilities
2024-05-20 09:07:17
CVE-2023-39319 vulnerabilities
2024-05-20 09:07:17
prion
prion
Design/Logic Flaw
2023-12-06 17:15:00
Hardcoded credentials
2023-09-08 17:15:00
Hardcoded credentials
2023-09-08 17:15:00
debiancve
debiancve
fedora
fedora
[SECURITY] Fedora 39 Update: golang-1.21.6-1.fc39
2024-01-20 03:24:19