Security Bulletin: Operations Dashboard is vulnerable to multiple Go vulnerabilities

Summary Operations Dashboard is vulnerable to multiple Go vulnerabilities with details of each below Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By...

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525

Summary IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525 with details below Vulnerability Details CVEID: CVE-2021-31525 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or...

Moderate: Red Hat Security Advisory: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update

Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 8 in the Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score,...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2551)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2497)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2527)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2551)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to...

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-2462)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to...

Security Bulletin: A security vulnerability in Golang GO affects IBM Cloud Automation Manager

Summary A security vulnerability in Golang GO affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-31525 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server,...

golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.17.0

Release of OpenShift Serverless Client kn 1.17.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Updated golang packages fix security vulnerability

The updated golang packages fix a security vulnerability: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort CVE-2021-36221...

Security Bulletin: Golang Go Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-31525)

Summary Golang Go is vulnerable to a denial of service, caused by a flaw in net/http on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-31525 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header ...

RHEL 7 / 8 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.9 packages and security update

Red Hat OpenShift Container Platform release 4.8.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...

Security update for go1.16 (moderate)

openSUSE Security Update: Security update for go1.16 Announcement ID: openSUSE-SU-2021:1199-1 Rating: moderate References: 1182345 1189162 Cross-References: CVE-2021-36221 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata is now available.Description...

openSUSE 15 Security Update : go1.15 (openSUSE-SU-2021:2787-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2787-1 advisory. - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler...

SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:2787-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2787-1 advisory. - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an...

Security update for go1.16 (moderate)

openSUSE Security Update: Security update for go1.16 Announcement ID: openSUSE-SU-2021:2788-1 Rating: moderate References: 1182345 1189162 Cross-References: CVE-2021-36221 Affected Products: openSUSE Leap 15.3 An update that solves one vulnerability and has one errata is now available.Description...