RHCOS 4 : OpenShift Container Platform 4.10.5 (RHSA-2022:0927)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0927 advisory. - golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 - golang: syscall: don't close fd 0 on ForkExec err...

RHEL 8 : Release of OpenShift Serverless Client kn 1.21.0 (Moderate) (RHSA-2022:1056)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1056 advisory. Red Hat OpenShift Serverless Client kn 1.21.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.0. The kn CLI is delivered a...

RHEL 7 / 8 : OpenShift Virtualization 4.12.0 RPMs (RHSA-2023:0407)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0407 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains...

CentOS 9 : podman-4.1.1-3.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the podman-4.1.1-3.el9 build changelog. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via...

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:5160)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5160 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update

Updated release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

openSUSE 15 Security Update : apptainer (openSUSE-SU-2023:0018-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0018-1 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via...

Security update for apptainer (moderate)

openSUSE Security Update: Security update for apptainer Announcement ID: openSUSE-SU-2023:0018-1 Rating: moderate References: Cross-References: CVE-2021-44716 CVE-2021-44717 CVE-2022-39237 CVSS scores: CVE-2021-44716 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44716 SUSE: 7.5...

Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details CVEID:CVE-2021-44717 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by an error in the syscall.ForkExec interface. By causing...

Important: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

Security Bulletin: Flaw in Go may affect DataPower Operator (CVE-2021-44717)

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-44717 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by an error in the syscall.ForkExec interface. By causing the erroneous closing of file descriptor 0 after file-descriptor...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote attack due to Go CVE-2021-44717

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote attack due to Go CVE-2021-44717 with details below Vulnerability Details CVEID: CVE-2021-44717 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by...

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update

The Migration Toolkit for Containers MTC 1.7.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Important: golang

Issue Overview: An out of bounds read vulnerability was found in golang. When using the archive/zip standard library stdlib and an unexpected file is parsed, it can cause golang to attempt to read outside of a slice array causing a panic in the runtime. A potential attacker can use this...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1506)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1506)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1449)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1487)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1487)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...