CVE-2023-45290 Memory exhaustion in multipart form parsing in net/textproto and net/http

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

CVE-2023-45290 Memory exhaustion in multipart form parsing in net/textproto and net/http

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

GO-2024-2599 Memory exhaustion in multipart form parsing in net/textproto and net/http

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...

Moderate: Red Hat Security Advisory: Service Telemetry Framework 1.5.4 security update

An update is now available for Service Telemetry Framework 1.5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CentOS 9 : containernetworking-plugins-1.3.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the containernetworking-plugins-1.3.0-2.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a...

CentOS 9 : grafana-pcp-3.2.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the grafana-pcp-3.2.0-2.el9 build changelog. - net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - io/fs: stack exhaustion in Glob CVE-2022-30630 -...

Moderate: Red Hat Security Advisory: Migration Toolkit for Applications security update

An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.35 security update

Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whic...

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.0 packages and security update

Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

go-toolset:ol8 security update

delve 1.20.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.20.2-1 - Rebase to 1.20.2 - Resolves: rhbz2186495 golang 1.20.12-1 - Update to Go 1.20.12 - Fix CVE-2023-39326 CVE-2023-45285 go-toolset 1.20.12-1 - Update to Go 1.20.12 - CVE-2023-39326 golang: net/http/internal:...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.58 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: Logging 5.6.16 - Red Hat OpenShift

Logging 5.6.16 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References sectio...

RHCOS 4 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. - golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 - kube-apiserver: Bypassing policies imposed by the...

RHCOS 4 : OpenShift Container Platform 4.12.39 (RHSA-2023:5679)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5679 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - HTTP/2: Multiple HTTP/...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.47 security update

Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

Oracle Linux 8 : container-tools:4.0 (ELSA-2024-0121)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0121 advisory. - rebuild for CVE-2023-29406 - rebuild with golang 1.20.6+ for CVE-2023-39321 CVE-2023-29409 - rebuild for following CVEs: CVE-2022-41724 - rebuild...

USN-6574-1 Go vulnerabilities

Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...