68 matches found
RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:1014)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1014 advisory. A highly-available key value store for shared configuration Security Fixes: Improve heuristics preventing CPU/memory abuse by parsing malicious or...
Security Bulletin: IBM Planning Analytics Connector for SAP is affected by security vulnerabilities
Summary IBM Planning Analytics Connector for SAP is affected but not classified as vulnerable, based on current information, to vulnerabilities in Golang Go CVE-2022-41723 and Go YAML CVE-2021-4235, CVE-2022-3064. These have been addressed by upgrading the vulnerable libraries. Vulnerability...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3
Summary OpenSSL, go-yaml, GnuTLS , OpenTelemetry-Go and urllib3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerabl...
CBL Mariner 2.0 Security Update: kured (CVE-2022-28948)
The version of kured installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28948 advisory. - An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize...
Moderate: Red Hat Security Advisory: container-tools:rhel8 security and bug fix update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update
An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
ALSA-2023:6939 Moderate: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...
Moderate: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
RHEL 9 : toolbox (RHSA-2023:6346)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6346 advisory. Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman...
Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service due to [CVE-2022-28948]
Summary Go-Yaml is used internally by IBM App Connect Enterprise Certified Container for reading YAML configuration. IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and link following via Go-Yaml, kube-apiserver, Golang Go and Beego
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by vulnerabilities in Go-Yaml, kube-apiserver, Golang Go and Beego . Vulnerabilities include denial of service, gaining of elevated privileges, improper link followi...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Go yaml vulnerabilities (USN-6287-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6287-1 advisory. Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system we...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.22 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.60 security update
Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.53 bug fix and security update
Red Hat OpenShift Container Platform release 4.10.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.56 security update
Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...