1115 matches found

OSV
added 2023/11/07 12:0 a.m., 39 views

ALSA-2023:6473 Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 9.8, AI score 7.4, EPSS 0.04561
Exploits 1, References 24

AlmaLinux
added 2023/11/07 12:0 a.m., 75 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 9.8, AI score 7.2, EPSS 0.04561
Exploits 1, References 24

Tenable Nessus
added 2023/11/07 12:0 a.m., 38 views

RHEL 9 : containernetworking-plugins (RHSA-2023:6402)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6402 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfac...

CVSS 9.8, AI score 7.1, EPSS 0.04561
Exploits 0, References 25

Tenable Nessus
added 2023/11/07 12:0 a.m., 19 views

Rocky Linux 8 : container-tools:3.0 (RLSA-2022:7529)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7529 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

CVSS 7.8, AI score 7.2, EPSS 0.05994
Exploits 4, References 21

Tenable Nessus
added 2023/11/07 12:0 a.m., 29 views

RHEL 9 : toolbox (RHSA-2023:6346)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6346 advisory. Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman...

CVSS 9.8, AI score 7.1, EPSS 0.04561
Exploits 0, References 26

RedHat Linux
added 2023/11/06 11:24 a.m., 57 views

Important: Red Hat Security Advisory: Migration Toolkit for Applications security update

An update is now available for MTA-6.1-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5, AI score 7.1, EPSS 0.99999
Exploits 19, References 4

Tenable Nessus
added 2023/11/06 12:0 a.m., 27 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:5160)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5160 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

CVSS 7.5, AI score 7.1, EPSS 0.03958
Exploits 0, References 5

Tenable Nessus
added 2023/11/06 12:0 a.m., 25 views

Rocky Linux 9 : grafana-pcp (RLSA-2022:8250)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8250 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

CVSS 7.5, AI score 7.1, EPSS 0.01618
Exploits 2, References 13

RedHat Linux
added 2023/11/03 8:48 a.m., 64 views

Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update

Red Hat OpenShift Serverless 1.30.2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

CVSS 7.5, AI score 7, EPSS 0.99999
Exploits 19, References 7

IBM Security Bulletins
added 2023/11/01 7:41 p.m., 24 views

Security Bulletin: IBM Storage Ceph is vulnerable via Exposure of Sensitive Information to an Unauthorized Actor in Golang (CVE-2022-32148)

Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-32148 Vulnerability Details CVEID: CVE-2022-32148 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by improper exposure of client IP addresses in net/htt...

CVSS 6.5, AI score 5.9, EPSS 0.01103
Exploits 1, Affected Software 1

RedHat Linux
added 2023/11/01 2:8 p.m., 50 views

Important: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 7.1, EPSS 0.99999
Exploits 19, References 2

RedHat Linux
added 2023/10/31 6:22 p.m., 52 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.1 security update

An update is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5, AI score 7.1, EPSS 0.99999
Exploits 19, References 3

RedHat Linux
added 2023/10/31 2:6 p.m., 3 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

CVSS 7.5, AI score 6.6, EPSS 0.02513
Exploits 0, References 6

RedHat Linux
added 2023/10/31 1:31 p.m., 46 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 security update

Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 7.5, AI score 6.9, EPSS 0.99999
Exploits 20, References 8

RedHat Linux
added 2023/10/30 11:24 a.m., 76 views

Critical: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 7.1, EPSS 0.99931
Exploits 44, References 5

RedHat Linux
added 2023/10/30 8:22 a.m., 65 views

Important: Red Hat Security Advisory: skupper-cli and skupper-router security update

An update for skupper-cli and skupper-router is now available for Service Interconnect 1 for RHEL 8 and Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 7.5, AI score 7.1, EPSS 0.99999
Exploits 19, References 6

RedHat Linux
added 2023/10/25 5:59 p.m., 60 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.3 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 7.5, AI score 8.9, EPSS 0.99999
Exploits 19, References 45

OSV
added 2023/10/24 6:35 p.m., 44 views

RLSA-2023:5863 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...

CVSS 7.5, AI score 8.2, EPSS 0.99999
Exploits 19, References 3

Rockylinux
added 2023/10/24 6:35 p.m., 75 views

go-toolset:rhel8 security update

An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...

CVSS 7.5, AI score 7.4, EPSS 0.99999
Exploits 19

Tenable Nessus
added 2023/10/24 12:0 a.m., 46 views

RHEL 9 : toolbox (RHSA-2023:6077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6077 advisory. The rhel9/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with...

CVSS 7.5, AI score 7.4, EPSS 0.99999
Exploits 19, References 9