Download
| Alert*
oval:org.secpod.oval:def:1506183
buildah [1.19.9-6] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-5] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-4] - update to the latest content of htt ... oval:org.secpod.oval:def:507103 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-En ... oval:org.secpod.oval:def:1701029 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1505895 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 [1.17.10-2] - Clean up dist-git patches - Resolves: rhbz#2109173 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 oval:org.secpod.oval:def:1701027 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1506143 golang [1.17.13-1.0.1] - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 go-toolset [1.17.13-1] - Set version to correspond to the matching build golang version oval:org.secpod.oval:def:93185 golang-1.18: Go programming language compiler - metapackage Several security issues were fixed in Go. oval:org.secpod.oval:def:2500776 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. oval:org.secpod.oval:def:1506228 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1701024 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:19500031 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined ... oval:org.secpod.oval:def:2600063 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. oval:org.secpod.oval:def:1506157 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ... oval:org.secpod.oval:def:1701017 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1701653 An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice causing a panic when calling ImportedSymbols. An a ... oval:org.secpod.oval:def:2500884 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1701014 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:4501141 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * cri-o: memory exhaustion on the node when access to the kube api * golang: go/parser: stack exhaus ... oval:org.secpod.oval:def:19500124 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. A val ... oval:org.secpod.oval:def:507400 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: im ... oval:org.secpod.oval:def:5800043 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-En ... oval:org.secpod.oval:def:2107278 Oracle Solaris 11 - ( CVE-2022-32189 ) oval:org.secpod.oval:def:89046849 This update for go1.17 fixes the following issues: Update to go version 1.17.13 : - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic . - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode . - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read ... oval:org.secpod.oval:def:3301289 SUSE Security Update: Security update for go1.18 oval:org.secpod.oval:def:2500872 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. oval:org.secpod.oval:def:124113 fzf is a general-purpose command-line fuzzy finder. It's an interactive Unix filter for command-line that can be used with any list; files, command history, processes, hostnames, bookmarks, git commits, etc. oval:org.secpod.oval:def:1701045 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:87148 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working ... oval:org.secpod.oval:def:19500050 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined ... oval:org.secpod.oval:def:507092 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* ... oval:org.secpod.oval:def:2600001 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. oval:org.secpod.oval:def:507298 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: im ... oval:org.secpod.oval:def:4501098 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: compress/gzip: stack exhaustion in Reader.Read * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* ... oval:org.secpod.oval:def:4501011 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: im ... oval:org.secpod.oval:def:1701039 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:507338 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * cri-o: memory exhaustion on the node when access to the kube api * golang: go/parser: stack exhaus ... oval:org.secpod.oval:def:1505885 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 [1.17.7-2] - Clean up dist-git patches - Resolves: rhbz#2109174 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 oval:org.secpod.oval:def:1701037 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1701032 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1701031 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:3300345 SUSE Security Update: Security update for go1.17 oval:org.secpod.oval:def:5800109 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB; OpenTSDB. The following packages have been upgraded to a later upstream version: grafana . Security Fix: * sanitize-url: XSS due to improper sanitization in sanitizeUrl function * golang: net/http: i ... oval:org.secpod.oval:def:1701035 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:1601580 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... oval:org.secpod.oval:def:2501100 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:507747 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:1506787 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89048917 This update for go1.18-openssl fixes the following issues: * Add subpackage go1.x-libstd compiled shared object libstd.so * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x packa ... oval:org.secpod.oval:def:708103 golang-1.18: Go programming language compiler - metapackage Several security issues were fixed in Go. oval:org.secpod.oval:def:507725 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:1506777 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2501075 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. |