CLSA-2026-1778109988 toolbox: Fix of 9 CVEs

Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...

RHCOS 4 : OpenShift Container Platform 4.11.17 (RHSA-2022:8626)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8626 advisory. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - golang: net/http: handle server errors after...

MiracleLinux 8 : grafana-pcp-3.2.0-2.el8 (AXSA:2022-4370:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4370:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang:...

MiracleLinux 9 : grafana-pcp-3.2.0-3.el9 (AXSA:2023-4824:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4824:01 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang:...

MiracleLinux 9 : golang-1.17.12-1.el9, go-toolset-1.17.12-1.el9 (AXSA:2022-4035:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4035:01 advisory. golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2022-3736:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3736:01 advisory. golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header...

TencentOS Server 3: grafana-pcp (TSSA-2023:0099)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0099 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: ostree (TSSA-2023:0103)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0103 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: container-tools (TSSA-2023:0109)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0109 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to inconsistent interpretation of HTTP requests in Golang (CVE-2022-1705)

Summary Golang is used by IBM Storage Fusion Data Foundation as a core part of operators. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1705. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION: Golang Go is vulnerable to...

Linux Distros Unpatched Vulnerability : CVE-2022-1705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined...

Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data

Summary Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors with return an incorrect results. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION:...

RHEL 8 : butane (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - Uncontrolled recursio...

RHEL 9 : butane (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - Uncontrolled recursio...

RHEL 7 / 8 : OpenShift Virtualization 4.12.0 RPMs (RHSA-2023:0407)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0407 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

RHEL 8 : Red Hat OpenStack Platform (etcd) (RHSA-2023:1275)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1275 advisory. etcd is a highly-available key value store for shared configuration. The following Important impact security fixes are applicable to Red Hat...

RHEL 8 : Red Hat Application Interconnect 1.0 Release (rpms) (Important) (RHSA-2022:6113)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6113 advisory. This release addresses several security issues in the underlying golang compiler by moving to golang version 1.17.12. Security Fixes:...

CentOS 9 : toolbox-0.0.99.3-7.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.3-7.el9 build changelog. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP...

Security Bulletin: IBM Storage Ceph is vulnerable to a HTTP Request Smuggling vulnerablity in Golang (CVE-2022-1705)

Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-1705 Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw with accepting of some invalid Transfer-Encoding headers in the HTTP/...