Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Moderate: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: insufficient sanitization of Host header CVE-2023-29406 For more details about the security issues, including the impact, a CVSS score,...

RHEL 8 : container-tools:rhel8 (RHSA-2023:6939)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6939 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml:...

ALSA-2023:6939 Moderate: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

RHEL 8 : container-tools:4.0 (RHSA-2023:6938)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6938 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml:...

OPENSUSE-SU-2023:0360-1 Security update for go1.21

This update introduces go1.21, including fixes for the following issues: - go1.21.3 released 2023-10-10 includes a security fix to the net/http package. Refs boo1212475 go1.21 release tracking CVE-2023-39325 CVE-2023-44487 go63427 go63417 boo1216109 security: fix CVE-2023-39325 CVE-2023-44487...

Important: Red Hat Security Advisory: Machine Deletion Remediation Operator 0.2.1 security update

This is an updated version for the machine-deletion-remediation-operator-bundle-container and the machine-deletion-remediation-operator-container. It is now available for Machine Deletion Remediation 0.2 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of...

Important: Red Hat Security Advisory: openshift-pipelines-client security update

An update for openshift-pipelines-client is now available for OpenShift-Pipelines-1.11-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: containernetworking-plugins security and bug fix update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

Moderate: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

Moderate: Red Hat Security Advisory: skopeo security update

An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Fedora 39 : golang (2023-4c35736385)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4c35736385 advisory. This release includes fixes to the go command, the crypto/tls, net/http packages, and several more. Tenable has extracted the preceding description block...

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadrati...

ALSA-2023:6474 Moderate: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...

RHEL 9 : podman (RHSA-2023:6474)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6474 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...