CLSA-2026-1778109988 toolbox: Fix of 9 CVEs

Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...

RHCOS 4 : OpenShift Container Platform 4.14.35 (RHSA-2024:5436)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5436 advisory. - golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 -...

MiracleLinux 9 : containernetworking-plugins-1.4.0-3.el9_4 (AXSA:2024-8419:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8419:02 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 CVE-2023-45290 When parsing a multipart form either explicitly with...

MiracleLinux 8 : git-lfs-3.4.1-2.el8 (AXSA:2024-8248:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8248:04 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...

Security Bulletin: IBM Storage Ceph is vulnerable to Allocation of Resources Without Limits or Throttling in Grafana (CVE-2023-45290)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. CVE-2023-45290 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-45290 DESCRIPTION: When parsing a multipart form either explicitly with...

TencentOS Server 3: git-lfs (TSSA-2024:0231)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0231 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0100: go-toolset:rhel8 (ALINUX3-SA-2024:0100)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0100 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45288: An attacker may cause an...

Alibaba Cloud Linux 3 : 0165: git-lfs (ALINUX3-SA-2024:0165)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0165 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45288: An attacker may cause an...

RLSA-2024:9135 Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in...

Linux Distros Unpatched Vulnerability : CVE-2023-45290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile...

Moderate: Red Hat Security Advisory: toolbox security update

An update for toolbox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in...

Mageia: Security Advisory (MGASA-2024-0343)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated buildah, podman, skopeo packages fix security vulnerabilities

A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...

RLSA-2024:8038 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 go/parser: golang: Calling any of the...

openSUSE Security Advisory (SUSE-SU-2024:3755-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3755-1 Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues: - CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 - CVE-2024-24790: Fixed unexpected behavior from ...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2024:8038)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8038 advisory. golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 go/parser: golang: Calling...

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ALSA-2024:8038 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 go/parser: golang: Calling any of the...