Download
| Alert*
|
oval:org.secpod.oval:def:708689
golang-1.13: Go programming language compiler - golang-1.16: Go programming language compiler Details: USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original adviso ... oval:org.secpod.oval:def:1506183 buildah [1.19.9-6] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-5] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-4] - update to the latest content of htt ... oval:org.secpod.oval:def:507103 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-En ... oval:org.secpod.oval:def:507345 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: io ... oval:org.secpod.oval:def:1701029 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:507307 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: io ... oval:org.secpod.oval:def:1505895 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 [1.17.10-2] - Clean up dist-git patches - Resolves: rhbz#2109173 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 oval:org.secpod.oval:def:1701027 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1506143 golang [1.17.13-1.0.1] - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 go-toolset [1.17.13-1] - Set version to correspond to the matching build golang version oval:org.secpod.oval:def:93185 golang-1.18: Go programming language compiler - metapackage Several security issues were fixed in Go. oval:org.secpod.oval:def:2500776 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. oval:org.secpod.oval:def:1506106 [2.13.3-3] - Rebuild with new Golang - Resolves: rhbz#2131795 oval:org.secpod.oval:def:1506228 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1701024 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:19500031 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined ... oval:org.secpod.oval:def:2600063 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. oval:org.secpod.oval:def:507397 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: io/fs: stack ... oval:org.secpod.oval:def:4501078 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: io ... oval:org.secpod.oval:def:507234 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension * golang.org/x ... oval:org.secpod.oval:def:1506157 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ... oval:org.secpod.oval:def:1701017 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1701653 An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice causing a panic when calling ImportedSymbols. An a ... oval:org.secpod.oval:def:2500842 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. oval:org.secpod.oval:def:2500884 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1701014 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:2500827 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. oval:org.secpod.oval:def:5800047 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: io ... oval:org.secpod.oval:def:4501141 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * cri-o: memory exhaustion on the node when access to the kube api * golang: go/parser: stack exhaus ... oval:org.secpod.oval:def:2600111 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. oval:org.secpod.oval:def:5800125 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: io/fs: stack ... oval:org.secpod.oval:def:19500124 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. A val ... oval:org.secpod.oval:def:2600077 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. oval:org.secpod.oval:def:507400 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: im ... oval:org.secpod.oval:def:5800043 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-En ... oval:org.secpod.oval:def:2107278 Oracle Solaris 11 - ( CVE-2022-32189 ) oval:org.secpod.oval:def:89046849 This update for go1.17 fixes the following issues: Update to go version 1.17.13 : - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic . - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode . - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read ... oval:org.secpod.oval:def:3301289 SUSE Security Update: Security update for go1.18 oval:org.secpod.oval:def:2500872 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. oval:org.secpod.oval:def:124113 fzf is a general-purpose command-line fuzzy finder. It's an interactive Unix filter for command-line that can be used with any list; files, command history, processes, hostnames, bookmarks, git commits, etc. oval:org.secpod.oval:def:1701045 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:87148 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ... oval:org.secpod.oval:def:19500050 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined ... oval:org.secpod.oval:def:507092 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* ... oval:org.secpod.oval:def:2600001 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. oval:org.secpod.oval:def:1506171 [3.2.0-2] - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - res ... oval:org.secpod.oval:def:507298 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: im ... oval:org.secpod.oval:def:4500962 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension * golang.org/x/t ... oval:org.secpod.oval:def:4501098 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* ... oval:org.secpod.oval:def:4501011 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: im ... oval:org.secpod.oval:def:1701039 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:507338 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * cri-o: memory exhaustion on the node when access to the kube api * golang: go/parser: stack exhaus ... oval:org.secpod.oval:def:1505885 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 [1.17.7-2] - Clean up dist-git patches - Resolves: rhbz#2109174 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 oval:org.secpod.oval:def:1506259 [3.2.0-3] - bump NVR oval:org.secpod.oval:def:1701037 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1701032 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1701031 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:3300345 SUSE Security Update: Security update for go1.17 oval:org.secpod.oval:def:5800109 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB; OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: i ... oval:org.secpod.oval:def:1701035 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1601580 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:98653 golang-1.13: Go programming language compiler - golang-1.16: Go programming language compiler Details: USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original adviso ... oval:org.secpod.oval:def:2501100 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:507747 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:1506787 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89048917 This update for go1.18-openssl fixes the following issues: * Add subpackage go1.x-libstd compiled shared object libstd.so * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x packa ... oval:org.secpod.oval:def:708103 golang-1.18: Go programming language compiler - metapackage Several security issues were fixed in Go. oval:org.secpod.oval:def:2600231 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. oval:org.secpod.oval:def:507725 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:507652 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: net/http/httputil: Reve ... oval:org.secpod.oval:def:1506693 [3.2.0-1] - Update to 3.2.0 - Resolves: #2139383 [2.13.3-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.13.3-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [2.13.3-2] - Fixed name of source tarball - Fixed date in the latest changelog entry - Relate ... oval:org.secpod.oval:def:1506777 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2501075 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. |
