Lucene search

1089 matches found

Fedora
added 2021/11/28 12:45 a.m., 33 views

[SECURITY] Fedora 35 Update: puppet-7.12.1-1.fc35

Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and...

CVSS 9.8, AI score 8.1, EPSS 0.01328
Exploits 0

RedhatCVE
added 2021/11/19 3:20 p.m., 58 views

CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. ...

CVSS 5, AI score 6.1, EPSS 0.02067
Exploits 0, References 6

Tenable Nessus
added 2021/11/19 12:0 a.m., 42 views

Oracle Linux 8 : gcc-toolset-10-gcc (ELSA-2021-4585)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4585 advisory. 10.3.1-1.2.0.1 - Fix Orabug 32423691- gcc10 SEGV for every test in sregress: ORA-7445ksmplruaddbatchksm same bug as PR tree-optimization/100053:...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Tenable Nessus
added 2021/11/19 12:0 a.m., 30 views

Oracle Linux 8 : llvm-toolset:ol8 (ELSA-2021-4743)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4743 advisory. clang 12.0.1-4.0.1 - Use all available CPU cores for build - Recognize Oracle Linux distros OraBug: 29422714 12.0.1-4 - Trojan source clang-tidy patchset fix...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Github Security Blog
added 2021/11/18 4:13 p.m., 58 views

Clarify Content-Type handling

Impact: In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the...

CVSS 5, AI score 1, EPSS 0.02067
Exploits 0, References 13, Affected Software 1

Github Security Blog
added 2021/11/18 4:8 p.m., 39 views

Ambiguous OCI manifest parsing

Impact: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type...

AI score 1
Exploits 0, References 8, Affected Software 1

OSV
added 2021/11/18 4:8 p.m., 24 views

GHSA-5J5W-G665-5M35 Ambiguous OCI manifest parsing

Impact: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type...

CVSS 3, AI score 7
Exploits 0, References 8

OSV
added 2021/11/18 4:2 p.m., 9 views

GHSA-77VH-XPMG-72QH Clarify `mediaType` handling

Impact: In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches: The Image Specification will be updated to recommend that both manifest and index...

CVSS 3, AI score 6.9
Exploits 0, References 5

Github Security Blog
added 2021/11/18 4:2 p.m., 36 views

Clarify `mediaType` handling

Impact: In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches: The Image Specification will be updated to recommend that both manifest and index...

AI score 1.9
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2021/11/18 12:0 a.m., 31 views

Oracle Linux 8 : gcc-toolset-11-binutils (ELSA-2021-4594)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4594 advisory. 2.36.1-1.0.1.1 - Forward port Oracle patches from 2.36.1-1.0.1 - Reviewed-by: Jose E. Marchesi 2.36.1-1.1 - Add ability to control the display of unicode...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Tenable Nessus
added 2021/11/18 12:0 a.m., 56 views

Oracle Linux 8 : gcc-toolset-11-gcc (ELSA-2021-4586)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4586 advisory. 11.2.1-1.2.0.1 - Add -ftrivial-auto-var-init support from GCC12 Reviewed-by: Jose E. Marchesi - Add CTF/BTF support Reviewed-by: Qing Zhao 11.2.1-1.2 - add...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Tenable Nessus
added 2021/11/18 12:0 a.m., 39 views

Oracle Linux 8 : annobin (ELSA-2021-4593)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4593 advisory. 9.72-1.2 - Bump NVR and rebuild to use the new gcc. 2017362 9.72-1.1 - Annocheck: Add test for multibyte characters in symbol names. 2017362 9.72-1 - Rebase to...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Tenable Nessus
added 2021/11/18 12:0 a.m., 26 views

Oracle Linux 8 : gcc-toolset-11-annobin (ELSA-2021-4591)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4591 advisory. 9.85-1.1 - Annocheck: Add test for multibyte characters in symbol names. 2017367 Tenable has extracted the preceding description block directly from the Oracle...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Tenable Nessus
added 2021/11/18 12:0 a.m., 35 views

Oracle Linux 8 : gcc-toolset-10-binutils (ELSA-2021-4649)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4649 advisory. 2.35-8.6 - Add ability to control the display of unicode characters. 2009176 Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Tenable Nessus
added 2021/11/18 12:0 a.m., 36 views

Oracle Linux 8 : binutils (ELSA-2021-4595)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4595 advisory. 2.30-108.0.2.1 - Forward-port Oracle patches from 2.30-108.0.2 to 2.30-108.0.2.1 - Reviewed-by: Jose E. Marchesi 2.30-108.0.2 - Forward-port the following updat...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Tenable Nessus
added 2021/11/18 12:0 a.m., 33 views

Oracle Linux 8 : rust-toolset:ol8 (ELSA-2021-4590)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4590 advisory. rust 1.54.0-3 - Lint against Unicode control codepoints. rust-toolset 1.54.0-1 - Update to Rust and Cargo 1.54.0. 1.53.0-1 - Update to Rust and Cargo 1.53.0...

CVSS 8.3, AI score 7.6, EPSS 0.12205
Exploits 4, References 2

Amazon
added 2021/11/18 12:0 a.m., 51 views

Medium: containerd, docker

Issue Overview: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 and versions of...

CVSS 5, AI score 6.9, EPSS 0.02067
Exploits 0

OSV
added 2021/11/17 8:15 p.m., 4 views

AZL-44925 CVE-2021-41190 affecting package umoci 0.4.7-13

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

CVSS 5, AI score 6.5, EPSS 0.02067
Exploits 0, References 1

OSV
added 2021/11/17 8:15 p.m., 1 view

UBUNTU-CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

CVSS 5, AI score 6.6, EPSS 0.02067
Exploits 0, References 6

UbuntuCve
added 2021/11/17 8:15 p.m., 37 views

CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

CVSS 5, AI score 6.6, EPSS 0.02067
Exploits 0, References 5