Security Bulletin: IBM Cloud Pak for Data is vulnerable to golang compiler ( CVE-2022-32190 )

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-32190 Vulnerability Details CVEID:CVE-2022-32190 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by not remove ../ path elements appended to a relative...

RHEL 8 : helm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/url: JoinPath does not strip relative path components in all circumstances CVE-2022-32190 -...

RHEL 7 / 8 / 9 : OpenShift Virtualization 4.13.0 RPMs (RHSA-2023:3204)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3204 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory...

RHEL 8 / 9 : OpenShift Container Platform 4.12.22 (RHSA-2023:3613)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3613 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.48 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.22 packages and security update

Red Hat OpenShift Container Platform release 4.12.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.13.0 Images security, bug fix, and enhancement update

Red Hat OpenShift Virtualization release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...

Oracle Linux 8 : ol8addon (ELSA-2023-18908)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-18908 advisory. - Addresses CVE-2021-34558 - Include patch to fix CVE-2019-9741 - Fixes CVE-2019-6486 - Fixes CVE-2018-16873, CVE-2018-16874, CVE-2018-16875 - Fix...

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote...

SUSE CVE-2022-32190

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers MTC 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Moderate: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update for Logging Subsystem 5.6.0 is now available for Red Hat OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update

OpenShift API for Data Protection OADP 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Oracle Linux 8 : ol8addon (ELSA-2022-24267)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-24267 advisory. - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustio...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to loss of confidentiality due to CVE-2022-32190

Summary The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands utilise Golang Go. The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to loss of confidentiality. This bulletin provides patch information t...

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-193)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-193 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...

Security Bulletin: Operations Dashboard is vulnerable to Golang Go vulnerabilities (CVE-2022-27664 and CVE-2022-32190)

Summary Operations Dashboard is vulnerable to Go vulnerabilities listed below. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could exploit this...

Mageia: Security Advisory (MGASA-2022-0356)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...