ALSA-2024:6913 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion...

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 go/parser: golang: Calling any of the Parse functions containing deeply nested...

UBUNTU-CVE-2024-34155

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...

Uncontrolled Recursion

Overview std/go/parser is a Go standard library package std/go/parser Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack...

OESA-2024-1672 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhausti...

OESA-2024-1642 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhausti...

RHEL 8 / 9 : Red Hat Service Interconnect 1.4 Release (RHSA-2023:4003)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4003 advisory. As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application...

RHEL 8 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 8 : Red Hat Application Interconnect 1.0 Release (rpms) (Important) (RHSA-2022:6113)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6113 advisory. This release addresses several security issues in the underlying golang compiler by moving to golang version 1.17.12. Security Fixes:...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Moderate: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

Rocky Linux 8 : container-tools:3.0 (RLSA-2022:7529)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7529 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

Moderate: Red Hat Security Advisory: Red Hat Service Interconnect 1.4 Release security update

This is release 1.4 of the rpms for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allo...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...