128 matches found
Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
ALSA-2023:2758 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...
RHEL 9 : git-lfs (RHSA-2023:2357)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2357 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
RHEL 9 : butane (RHSA-2023:2193)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2193 advisory. Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition...
RHEL 9 : toolbox (RHSA-2023:2236)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2236 advisory. Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
Moderate: Red Hat Security Advisory: git-lfs security and bug fix update
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2023:2236 Moderate: toolbox security and bug fix update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang:...
Moderate: toolbox security and bug fix update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang:...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update
An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
SUSE CVE-2022-23772
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
Go 1.20 Cryptography
The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. By the way, thats going great, and Im going to write more about it here soon! Im pretty happy with...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.16 security update
Red Hat OpenShift Container Platform release 4.11.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
AlmaLinux 9 : Image Builder (ALSA-2022:7950)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:7950 advisory. - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of...
Oracle Linux 8 : Image / Builder (ELSA-2022-7548)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7548 advisory. cockpit-composer 41-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095 41-1 - New upstream release Tenable has extracted the...
Low: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update
An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...