Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update

Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 7 / 8 : OpenShift Container Platform 4.7.0 (RHSA-2020:5634)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5634 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.

Summary A security vulnerability in GO affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-28362 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the math/big.Int methods. By sending a specially-crafted inputs, a remote...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6 file-integrity-operator image security update

A new file-integrity-operator image update is now available for OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6 compliance-operator security and bug fix update

An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impac...

CentOS 8 : go-toolset:rhel8 (CESA-2020:5493)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5493 advisory. - golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS CVE-2020-24553 - golang: math/big: panic during recursive...

Security Bulletin: IBM Cloud Pak for Integration is affected by multiple Go vulnerabilities

Summary IBM Cloud Pak for Integration is vulnerable to Go CVE-2020-28366, CVE-2020-28362, CVE-2020-28367 Vulnerability Details CVEID: CVE-2020-28366 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw in go command when cgo...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.12 extras and security update

Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

Medium: golang

Issue Overview: Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVE-2020-28362 Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. CVE-2020-28366 Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. CVE-2020-28367 Affected Packages: golang Issue...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Serverless Client kn 1.12.0

Red Hat OpenShift Serverless Client kn 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the C...

Amazon Linux AMI : golang (ALAS-2021-1471)

The version of golang installed on the remote host is prior to 1.15.5-1.65. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1471 advisory. Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVE-2020-28362 Go before 1.14.12 and 1.15.x before...

Amazon Linux 2 : golang (ALAS-2021-1578)

The version of golang installed on the remote host is prior to 1.15.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1578 advisory. Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVE-2020-28362 Go before 1.14.12 and 1.15.x before...

Security Bulletin: Upgrade to IBP v2.5.1 to address recent concerns/issues with Golang versions other than 1.14.12

Summary There were several security problems found with various/other releases of Golang. We have moved the Golang provided in IBP components and also the Golang used to compile Go-based components in IBP to version 1.14.12. Vulnerability Details CVEID: CVE-2020-28366 DESCRIPTION: Golang Go could...

Amazon Linux AMI : golang (ALAS-2020-1471) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1471 advisory. - Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVE-2020-28362 - Go before 1.14.12 and...

Fedora: Security Advisory for golang (FEDORA-2020-e971480183)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS CVE-2020-24553 golang: math/big: panic during recursive division of very large numbers...

Security Bulletin: App Connect Enterprise Certified Container Operator and Integration Servers are vulnerable to code injection and Denial of Service attacks

Summary App Connect Enterprise Certified Container Operator and Integration Servers are vulnerable to code injection and Denial of Service attacks due to CVE-2020-28362, CVE-2020-28366 and CVE-2020-28367 Vulnerability Details CVEID: CVE-2020-28366 DESCRIPTION: Golang Go could allow a remote...

Moderate: Red Hat Security Advisory: go-toolset-1.14-golang security update

An update for go-toolset-1.14-golang is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openSUSE Security Update : go1.14 (openSUSE-2020-2047)

This update for go1.14 fixes the following issues : - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected int...