
179 matches found

OSV
added 2024/04/30 12:0 a.m. | 26 views

ALSA-2024:2560 Moderate: libvirt security and bug fix update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: off-by-one error in udevListInterfacesByStatus...

CVSS 6.2 | AI score 6.5 | EPSS 0.00056
Exploits 0 | References 6

Tenable Nessus
added 2024/04/27 12:0 a.m. | 47 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.21 (RHSA-2018:2742)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2742 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

CVSS 7.5 | AI score 7.5 | EPSS 0.19427
Exploits 0 | References 24

Tenable Nessus
added 2024/04/24 12:0 a.m. | 26 views

RHEL 7 : qemu-kvm-rhev (RHSA-2016:1756)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1756 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...

CVSS 7.8 | AI score 7.5 | EPSS 0.00201
Exploits 0 | References 7

Microsoft CVE
added 2024/04/01 7:0 a.m. | 1 views

Libvirt: negative g_new0 length can lead to unbounded memory allocation

...

CVSS 6.2 | AI score 6.4 | EPSS 0.00026
Exploits 0

Tenable Nessus
added 2024/01/24 12:0 a.m. | 34 views

RHCOS 4 : OpenShift Container Platform 4.12.22 (RHSA-2023:3613)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3613 advisory. - golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers CVE-2022-2879 - golang:...

CVSS 7.5 | AI score 6.8 | EPSS 0.00098
Exploits 1 | References 16

Tenable Nessus
added 2024/01/24 12:0 a.m. | 30 views

RHCOS 4 : OpenShift Container Platform 4.12.3 (RHSA-2023:0727)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0727 advisory. - golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers CVE-2022-2879 - golang:...

CVSS 7.5 | AI score 6.8 | EPSS 0.00147
Exploits 1 | References 11

Tenable Nessus
added 2023/09/07 12:0 a.m. | 37 views

Oracle Linux 7 : qemu (ELSA-2018-4289)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4289 advisory. - net: ignore packet size greater than INTMAX Jason Wang Orabug: 28763782 CVE-2018-17963 - pcnet: fix possible buffer overflow Jason Wang Orabug:...

CVSS 10 | AI score 7.6 | EPSS 0.9427
Exploits 23 | References 35

Tenable Nessus
added 2023/07/17 12:0 a.m. | 41 views

CentOS 7 : java-1.8.0-openjdk (RHSA-2022:1487)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1487 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affecte...

CVSS 7.5 | AI score 6.2 | EPSS 0.00199
Exploits 0 | References 6

OSV
added 2023/06/14 5:22 p.m. | 18 views

GO-2023-1766 Denial of service from memory leak in github.com/ipfs/go-libipfs

An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory...

CVSS 8.2 | AI score 7.5 | EPSS 0.01091
Exploits 0 | References 1

Tenable Nessus
added 2023/05/17 12:0 a.m. | 47 views

RHEL 7 : java-1.8.0-ibm (RHSA-2023:3136)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3136 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00135
Exploits 0 | References 9

Tenable Nessus
added 2023/01/26 12:0 a.m. | 39 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-0446)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0446 advisory. golang 1.18.9-1 - Update to Go 1.18.9 - Add big-endian.patch - Increase GOTESTTIMEOUTSCALE due to a Brew issue - Add do-not-reuse-far-trampolines.patch...

CVSS 7.5 | AI score 7.2 | EPSS 0.00031
Exploits 1 | References 4

Tenable Nessus
added 2023/01/25 12:0 a.m. | 62 views

AlmaLinux 9 : go-toolset and golang (ALSA-2023:0328)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0328 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of...

CVSS 7.5 | AI score 7 | EPSS 0.00031
Exploits 1 | References 4

Veracode
added 2023/01/11 6:43 a.m. | 11 views

Denial Of Service (DoS)

github.com/revel/revel is vulnerable to denial of service attacks. Unsanitized input in the query parser in bindSlice function allows remote attackers to cause resource exhaustion via unbounded memory allocation resulting in denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.01092
Exploits 1 | References 5 | Affected Software 1

CVE
added 2022/10/14 12:0 a.m. | 467 views

CVE-2022-2879

CVE-2022-2879 affects Go-based archive/header reading (unbounded header memory in Reader.Read; fixed to cap header blocks at 1 MiB). Connected advisories show impact on container tooling: buildah versions older than 1.41.4-2 and podman versions older than 5.6.1-2 are affected. Upgrading to builda...

CVSS 7.5 | AI score 7.8 | EPSS 0.00016
Exploits 0 | References 5 | Affected Software 1

Tenable Nessus
added 2022/09/08 12:0 a.m. | 36 views

RHEL 9 : java-1.8.0-openjdk (RHSA-2022:2137)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:2137 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVSS 7.5 | AI score 6.3 | EPSS 0.00199
Exploits 0 | References 12

Tenable Nessus
added 2022/09/08 12:0 a.m. | 56 views

RHEL 9 : java-17-openjdk (RHSA-2022:1729)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1729 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixe...

CVSS 7.5 | AI score 6.7 | EPSS 0.34335
Exploits 6 | References 14

OSV
added 2022/07/16 7:58 p.m. | 6 views

MGASA-2022-0261 Updated java packages fix security vulnerability

OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions JAXP, 8270504 CVE-2022-21426 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler Libraries, 8277672...

CVSS 7.5 | AI score 5.9 | EPSS 0.00199
Exploits 0 | References 4

OSV
added 2022/05/17 3:2 a.m. | 5 views

GHSA-H3Q4-6J7F-R24C priority vulnerable to denial of service

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

CVSS 8.7 | AI score 7.3 | EPSS 0.00476
Exploits 0 | References 6

RedHat Linux
added 2022/04/28 6:58 p.m. | 4 views

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 5.3 | AI score 7.4 | EPSS 0.00062
Exploits 0 | References 4

Tenable Nessus
added 2022/04/27 12:0 a.m. | 274 views

RHEL 7 : java-1.8.0-openjdk (RHSA-2022:1487)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1487 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVSS 7.5 | AI score 6.3 | EPSS 0.00199
Exploits 0 | References 13