Download
| Alert*
oval:org.secpod.oval:def:1601640
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access contr ... oval:org.secpod.oval:def:506933 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: Command-line arguments may overwrite global data * golang: archive/zip: malformed archive may cause panic or memory exhaustion * golang: debug/macho: invalid dynamic s ... oval:org.secpod.oval:def:3301140 SUSE Security Update: Security update for go1.16 oval:org.secpod.oval:def:3301058 SUSE Security Update: Security update for go1.17 oval:org.secpod.oval:def:1700993 A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic resulting in a denial ... oval:org.secpod.oval:def:2107750 Oracle Solaris 11 - ( CVE-2022-23806 ) oval:org.secpod.oval:def:2500789 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. oval:org.secpod.oval:def:4500895 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: Command-line arguments may overwrite global data * golang: archive/zip: malformed archive may cause panic or memory exhaustion * golang: debug/macho: invalid dynamic s ... oval:org.secpod.oval:def:1700945 A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. A vulnerability ... oval:org.secpod.oval:def:1700888 A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. An out of bounds ... oval:org.secpod.oval:def:1505762 go-toolset [1.16.15-1] - Rebase to Go 1.16.15 golang [1.16.15-1.0.1] - Add patches from 1.16.12 to 1.16.15 - Add Sources for 3 binary files that changed between 1.16.12 and 1.16.15 - Rename base_vrsn to base_version - Reviewed-by: XXX XXX oval:org.secpod.oval:def:1505667 delve [1.7.2-1.0.1] - Disable DWARF compression which has issues [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch - Resolves: rhbz#2015930 go-toolset [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch - Resol ... oval:org.secpod.oval:def:89046086 This update for go1.17 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve . - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption . - CVE-2022-23773: Fixed incorrect access control in cmd/go . ... oval:org.secpod.oval:def:89046087 This update for go1.16 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve . - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption . - CVE-2022-23773: Fixed incorrect access control in cmd/go . ... oval:org.secpod.oval:def:19500061 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access contr ... oval:org.secpod.oval:def:1701653 An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice causing a panic when calling ImportedSymbols. An a ... oval:org.secpod.oval:def:1601580 A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standa ... |