141 matches found
MGASA-2026-0190 Updated golang-x-net packages fix security vulnerability
CVE-2024-45338 An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
Security update for yq (important)
openSUSE security update: security update for yq. Announcement ID: openSUSE-SU-2026:20892-1. Rating: important. References: bsc1241719 bsc1251339 bsc1251540 bsc1266248 bsc1267053 bsc1267199. Cross-References: CVE-2024-45338 CVE-2025-22872...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service
Summary: IBM Event Streams is vulnerable to a denial of service due to non‑linear parsing of malicious input. CVE-2024-45338. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length...
SUSE-SU-2026:20550-1 Security update for containerized-data-importer
This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy [CVE-2024-45338]
Summary: IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy, due to non-linear parsing of input with respect to its length CVE-2024-45338. Golang is used in our speech utilities. This vulnerability has been addressed. Please read the details for...
CVE-2024-45338 affecting package buildah for versions less than 1.41.4-2
CVE-2024-45338 affecting package buildah for versions less than 1.41.4-2. An upgraded version of the package is available that resolves this issue...
Fedora: Security Advisory (FEDORA-2025-a6574c5095)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-4af86bb0f8)
The remote host is missing an update for the...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in golang.org/x/net-v0.25.0
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of golang.org/x/net-v0.25.0. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely...
SUSE SLES15: kubevirt-container-disk / kubevirt-manifests / etc (SUSE-SU-2025:03278-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03278-1 advisory. This update for kubevirt updates golang.org/x/net to 0.38.0, fixing security issues CVE-2025-22872, CVE-2024-45337,...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
Summary: IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: A potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can cra...
CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2
CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2. A patched version of the package is available...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to golang/net package ( CVE-2024-45338 )
Summary: Potential vulnerabilities in golang/net package CVE-2024-45338 have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its...
Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to a denial of service (CVE-2024-45338).
Summary: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to a denial of service, CVE-2024-45338. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix required to resolve the vulnerability...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-45338]
Summary: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability. CVE-2024-45338. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can craft an...
Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.7 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.8.7 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.52 security and extras update
Red Hat OpenShift Container Platform release 4.15.52 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...
Security Bulletin: IBM CloudPak for Data Scheduling Service is vulnerable to CVE-2024-45338.
Summary: golang.org/x/net-v0.24.0 is used by the CP4D Scheduling Service. CVE-2024-45338. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow...