1115 matches found

RedHat Linux
added 2022/03/10 2:59 p.m. | 134 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.7 | EPSS 0.09149
Exploits: 1 | References: 7

Mageia
added 2022/03/07 11:10 p.m. | 381 views

Updated golang packages fix security vulnerability

Overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (CVE-2022-23772). Incorrect access control in cmd/go (CVE-2022-23773). Incorrect returned value in crypto/elliptic IsOnCurve (CVE-2022-23806). The following non-security bugs were fixed: - go50978 crypto/elliptic: IsOnCurve...

CVSS 9.1 | AI score 0.9 | EPSS 0.03015
Exploits: 0 | References: 2

Tenable Nessus
added 2022/02/25 12:0 a.m. | 38 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1242)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler...

CVSS 9.8 | AI score 7.5 | EPSS 0.10299
Exploits: 0 | References: 3

Tenable Nessus
added 2022/02/25 12:0 a.m. | 36 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1254)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler...

CVSS 9.8 | AI score 7.5 | EPSS 0.10299
Exploits: 0 | References: 3

RedHat Linux
added 2022/02/23 12:47 p.m. | 0 views

golang: net/http/httputil: panic due to racy read of persistConn after handler panic

A race condition flaw was found in Go. The incoming request body wasn't closed after the handler panic, and as a consequence this could lead to a ReverseProxy crash. The highest threat from this vulnerability is to Availability...

CVSS 5.9 | AI score 7.1 | EPSS 0.03128
Exploits: 0 | References: 5

RedHat Linux
added 2022/02/23 12:47 p.m. | 0 views

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

CVSS 7.5 | AI score 7.2 | EPSS 0.03958
Exploits: 0 | References: 5

RedHat Linux
added 2022/02/21 6:28 p.m. | 61 views

Important: Red Hat Security Advisory: Service Telemetry Framework 1.3 (sg-core-container) security update

An update for sg-core-container is now available for Service Telemetry Framework 1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.6 | EPSS 0.03958
Exploits: 0 | References: 3

RedHat Linux
added 2022/02/21 1:49 p.m. | 60 views

Important: Red Hat Security Advisory: Service Telemetry Framework 1.4 (sg-core-container) security update

An update for sg-core-container is now available for Service Telemetry Framework 1.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.6 | EPSS 0.03958
Exploits: 0 | References: 3

OSV
added 2022/02/17 6:15 p.m. | 33 views

GO-2021-0143

When a Handler does not explicitly set the Content-Type header, the net/http/cgi and net/http/fcgi packages default to "text/html", which can cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response...

AI score 0.9
Exploits: 0 | References: 4

OSV
added 2022/02/17 5:33 p.m. | 28 views

GO-2021-0241 Attacker can drop certain headers in net/http/httputil

ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the ReverseProxy is itself a reverse proxy, this lets an attacker drop arbitrary headers, including those set by the ReverseProxy.Director...

CVSS 5.3 | AI score 6.6 | EPSS 0.02269
Exploits: 1 | References: 4

OSV
added 2022/02/17 5:32 p.m. | 30 views

GO-2021-0245 Panic in ReverseProxy in net/http/httputil

ReverseProxy can panic after encountering a problem copying a proxied response body...

CVSS 5.9 | AI score 6.8 | EPSS 0.03128
Exploits: 0 | References: 4

OpenVAS
added 2022/01/28 12:0 a.m. | 19 views

Mageia: Security Advisory (MGASA-2021-0587)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.1 | EPSS 0.03958
Exploits: 0 | References: 5

RedHat Linux
added 2022/01/27 1:14 p.m. | 1 views

golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...

CVSS 5.9 | AI score 7.1 | EPSS 0.03692
Exploits: 0 | References: 5

RedHat Linux
added 2022/01/25 1:55 p.m. | 49 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5 | AI score 6.7 | EPSS 0.07032
Exploits: 2 | References: 4

Tenable Nessus
added 2022/01/25 12:0 a.m. | 77 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2022:0237)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0237 advisory. A highly-available key value store for shared configuration. Security Fixes: net/http: limit growth of header canonicalization cache...

CVSS 7.5 | AI score 7.2 | EPSS 0.07032
Exploits: 2 | References: 8

RedHat Linux
added 2022/01/24 1:53 p.m. | 51 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5 | AI score 6.7 | EPSS 0.07032
Exploits: 2 | References: 4

Tenable Nessus
added 2022/01/22 12:0 a.m. | 34 views

Debian DLA-2891-1 : golang-1.8 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2891 advisory. Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) and information leak. CVE-2021-33196 In...

CVSS 7.5 | AI score 7.2 | EPSS 0.06934
Exploits: 1 | References: 16

Tenable Nessus
added 2022/01/22 12:0 a.m. | 53 views

Debian DLA-2892-1 : golang-1.7 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2892 advisory. Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) and information leak. CVE-2021-33196 In...

CVSS 7.5 | AI score 7.2 | EPSS 0.06934
Exploits: 1 | References: 16

RedHat Linux
added 2022/01/18 4:36 p.m. | 41 views

Important: Red Hat Security Advisory: Cryostat security update

Updated RHEL-8 based Cryostat container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 | AI score 6.7 | EPSS 0.03958
Exploits: 0 | References: 2

OSV
added 2022/01/13 3:44 a.m. | 38 views

GO-2021-0226 Cross-site scripting in net/http/cgi and net/http/fcgi

When a Handler does not explicitly set the Content-Type header, the package would default to “text/html”, which could cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response. The Content-Type header is now set based on the contents of the...

CVSS 6.1 | AI score 6.2 | EPSS 0.03646
Exploits: 2 | References: 4