Fedora 39 : grpc (2023-8570e0055b)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8570e0055b advisory. Automatic update for grpc-1.48.4-20.fc39. Changelog Wed Jul 5 2023 Benjamin A. Beasley - 1.48.4-20 - Backport fix for CVE-2023-32732 fix RHBZ2214470 Tenable...

Important: Red Hat Security Advisory: Migration Toolkit for Applications security update

An update is now available for MTA-6.1-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Amazon Linux 2023 : cni-plugins (ALAS2023-2023-419)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-419 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2023-418)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-418 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Amazon Linux 2 : cri-tools (ALAS-2023-2324)

The version of cri-tools installed on the remote host is prior to 1.26.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2324 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

Important: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Amazon Linux 2 : amazon-ecr-credential-helper (ALASNITRO-ENCLAVES-2023-033)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-033 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request...

Amazon Linux 2 : containerd (ALASECS-2023-017)

The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-017 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many stream...

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.1 security update

An update is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 security update

Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: skupper-cli and skupper-router security update

An update for skupper-cli and skupper-router is now available for Service Interconnect 1 for RHEL 8 and Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.3 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

SUSE-SU-2023:4199-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. bsc1216174...

Fedora: Security Advisory for mod_http2 (FEDORA-2023-0259c3f26f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

go-toolset:rhel8 security update

An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...

[SECURITY] Fedora 38 Update: mod_http2-2.0.25-1.fc38

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Amazon Linux 2023 : runc (ALAS2023-2023-396)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-396 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

RHEL 9 : toolbox (RHSA-2023:6077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6077 advisory. The rhel9/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-395)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-395 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Important: Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update

This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...