golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

Ubuntu 16.04 ESM / 18.04 LTS : ImageMagick vulnerabilities (USN-5158-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5158-1 advisory. It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user in...

CentOS 8 : go-toolset:rhel8 (CESA-2021:4156)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4156 advisory. - golang: net: lookup functions may return invalid host names CVE-2021-33195 - golang: net/http/httputil: ReverseProxy forwards connection headers if...

RHEL 8 : go-toolset:rhel8 (RHSA-2021:4156)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4156 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been...

EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2661)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2710)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2685)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value...

RLSA-2021:4156 Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7. BZ1938071 Security Fixes: golang: net: lookup functions may return invalid host names CVE-2021-33195...

ALSA-2021:4156 Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7. BZ1938071 Security Fixes: golang: net: lookup functions may return invalid host names CVE-2021-33195...

Number of prizes math is wrong

Handle cmichel Vulnerability details The math described in Splitting the prizes and implemented in DrawCalculator.numberOfPrizesForIndex seems to be wrong. Assuming a bit range of 4 16 possibilities per position and cardinality of 8. Note that degree is determined by the first position where it...

Auction multiplier set to zero

Handle goatbug Vulnerability details Impact function setAuctionMultiplieruint256 newAuctionMultiplier public override onlyOwner auctionMultiplier = newAuctionMultiplier; auction multiplier can be set to zero by factory owner. This would stop the auction settling, function would always revert...

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

Security Bulletin: A vulnerability in Bouncy Castle affect IBM Watson Machine Learning Accelerator

Summary A vulnerability exists in the Bouncy Castle version used by IBM Watson Machine Learning Accelerator. Bouncy Castle upgrade to version 1.69 which resolves these vulnerabilities, is available on IBM Fix Central. Vulnerability Details CVEID: CVE-2020-15522 DESCRIPTION: Bouncy Castle BC Java,...

Amazon Linux AMI : golang (ALAS-2021-1527)

The version of golang installed on the remote host is prior to 1.15.14-1.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1527 advisory. A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers i...

RHEL 7 / 8 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

Moderate: Red Hat Security Advisory: glibc security and bug fix update

An update for glibc is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...

FreeBSD : bouncycastle15 -- EC math vulnerability (89d5bca6-0150-11ec-bf0c-080027eedc6a)

The Bouncy Castle team reports: : Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. %NASLMINLEVEL...