35 matches found
EUVD-2021-19911
Malware in sbrugna...
Moderate: Red Hat Security Advisory: container-tools:rhel8 security update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents CVE-2021-33198 podman: podman machine spawns gvproxy...
RHEL 7 : etcd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net: lookup functions may return invalid host names CVE-2021-33195 - In Go before 1.15.13 and...
RHEL 7 / 8 : OpenShift Virtualization 2.6.10 RPMs (RHSA-2022:1402)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1402 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...
BIT-GOLANG-2021-33198
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:4156)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4156 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may...
AlmaLinux 9 : skopeo (ALSA-2022:7955)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7955 advisory. - A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is...
RHEL 9 : skopeo (RHSA-2022:7955)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7955 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...
Moderate: Red Hat Security Advisory: buildah security and bug fix update
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Moderate: skopeo security and bug fix update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: containers/storage: DoS via malicious image CVE-2021-20291 golang: math/big.Rat: may cause a panic or an unrecoverable fatal erro...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2710)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value...
CentOS 8 : go-toolset:rhel8 (CESA-2021:4156)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4156 advisory. - golang: net: lookup functions may return invalid host names CVE-2021-33195 - golang: net/http/httputil: ReverseProxy forwards connection headers if...
RHEL 8 : go-toolset:rhel8 (RHSA-2021:4156)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4156 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2685)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value...
ALSA-2021:4156 Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7. BZ1938071 Security Fixes: golang: net: lookup functions may return invalid host names CVE-2021-33195...
RLSA-2021:4156 Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7. BZ1938071 Security Fixes: golang: net: lookup functions may return invalid host names CVE-2021-33195...
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...
Amazon Linux AMI : golang (ALAS-2021-1527)
The version of golang installed on the remote host is prior to 1.15.14-1.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1527 advisory. A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers i...
RHEL 7 / 8 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...