Download
| Alert*
oval:org.secpod.oval:def:708689
golang-1.13: Go programming language compiler - golang-1.16: Go programming language compiler Details: USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original adviso ... oval:org.secpod.oval:def:93185 golang-1.18: Go programming language compiler - metapackage Several security issues were fixed in Go. oval:org.secpod.oval:def:126110 htmltest runs your HTML output through a series of checks to ensure all your links, images, scripts references work, your alt tags are filled in, et cetera. oval:org.secpod.oval:def:126793 HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. oval:org.secpod.oval:def:508041 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix: grafana: persistent xss in grafana core plugins grafana: plugin signature bypass grafana: data source and plugin proxy endpoints leaking authentication tokens to some destina ... oval:org.secpod.oval:def:1701653 An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice causing a panic when calling ImportedSymbols. An a ... oval:org.secpod.oval:def:126092 Exercism provides a way to do the problems on https://exercism.io. This CLI ships as a binary with no additional run-time requirements. This means that if you're doing the Haskell problems on exercism you don't need a working Python or Ruby environment simply to fetch and submit exercises. oval:org.secpod.oval:def:126093 Exercism provides a way to do the problems on https://exercism.io. This CLI ships as a binary with no additional run-time requirements. This means that if you're doing the Haskell problems on exercism you don't need a working Python or Ruby environment simply to fetch and submit exercises. oval:org.secpod.oval:def:2600401 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. oval:org.secpod.oval:def:126100 htmltest runs your HTML output through a series of checks to ensure all your links, images, scripts references work, your alt tags are filled in, et cetera. oval:org.secpod.oval:def:98653 golang-1.13: Go programming language compiler - golang-1.16: Go programming language compiler Details: USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original adviso ... oval:org.secpod.oval:def:127007 Text is a repository of text-related packages related to internationalization and localization , such as character encodings, text transformations, and locale-specific text handling. oval:org.secpod.oval:def:126485 podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines. oval:org.secpod.oval:def:126486 podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines. oval:org.secpod.oval:def:127014 Text is a repository of text-related packages related to internationalization and localization , such as character encodings, text transformations, and locale-specific text handling. oval:org.secpod.oval:def:126667 podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines. oval:org.secpod.oval:def:4501503 Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix: * golang: net/http, x/net/http2: rapid stream resets c ... oval:org.secpod.oval:def:125183 pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks. oval:org.secpod.oval:def:125182 The CNI project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is delete ... oval:org.secpod.oval:def:124974 Go implementation of the Debug Adapter Protocol. oval:org.secpod.oval:def:1506787 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:125948 Aerc is an email client that runs in your terminal. It's highly efficient and extensible, perfect for the discerning hacker. oval:org.secpod.oval:def:125947 Aerc is an email client that runs in your terminal. It's highly efficient and extensible, perfect for the discerning hacker. oval:org.secpod.oval:def:3300773 SUSE Security Update: Security update for go1.18 oval:org.secpod.oval:def:127008 This packages holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves. oval:org.secpod.oval:def:124973 Go implementation of the Debug Adapter Protocol. oval:org.secpod.oval:def:127011 This packages holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves. oval:org.secpod.oval:def:125194 Declarative configuration for Gmail filters. oval:org.secpod.oval:def:125193 Declarative configuration for Gmail filters. oval:org.secpod.oval:def:507672 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix: * golang: net/http: handle server errors after sending GOAWAY * golang: net/http: An attacke ... oval:org.secpod.oval:def:1601688 Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. Infinite loop in Read in crypto/rand before Go 1.1 ... oval:org.secpod.oval:def:124943 A Git credential helper that authenticates to GitHub, GitLab, BitBucket and other forges using OAuth. The first time you push, the helper will open a browser window to authenticate. Subsequent pushes within the cache timeout require no interaction. oval:org.secpod.oval:def:124941 Caddy is the web server with automatic HTTPS. oval:org.secpod.oval:def:124945 A Git credential helper that authenticates to GitHub, GitLab, BitBucket and other forges using OAuth. The first time you push, the helper will open a browser window to authenticate. Subsequent pushes within the cache timeout require no interaction. oval:org.secpod.oval:def:2108072 Oracle Solaris 11 - ( CVE-2022-41716 ) oval:org.secpod.oval:def:124940 Caddy is the web server with automatic HTTPS. oval:org.secpod.oval:def:507725 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:124954 Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is ret ... oval:org.secpod.oval:def:124953 Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is ret ... oval:org.secpod.oval:def:125888 Mnemonicode is a method for encoding binary data into a sequence of words which can be spoken over the phone, for example, and converted back to data on the other side. oval:org.secpod.oval:def:125128 Go client to communicate with Chaos DNS API. oval:org.secpod.oval:def:125164 Fast container image distribution plugin with lazy pulling oval:org.secpod.oval:def:2600206 Conmon is an OCI container runtime monitor. oval:org.secpod.oval:def:126061 Caddy is the web server with automatic HTTPS. oval:org.secpod.oval:def:507650 Conmon is an OCI container runtime monitor. Security Fix: * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed ... oval:org.secpod.oval:def:2600241 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. oval:org.secpod.oval:def:125890 croc is a tool that allows any two computers to simply and securely transfer files and folders. oval:org.secpod.oval:def:1701150 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate ap ... oval:org.secpod.oval:def:1506657 [2:2.1.7-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.7 - Resolves: #2173697 [2:2.1.6-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.6 - Related: #2124478 [2:2.1.5-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.5 - Related: #2124 ... oval:org.secpod.oval:def:2501075 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:125179 pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks. oval:org.secpod.oval:def:3301232 SUSE Security Update: Security update for go1.19 oval:org.secpod.oval:def:125181 The CNI project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is delete ... oval:org.secpod.oval:def:1506663 [1.29.1-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.29.1-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 - Related: #2124478 [1:1.29.0-3] - update to the latest content of https://github.com/containers/bui ... oval:org.secpod.oval:def:2501100 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:507747 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:125029 Pretty print trees in Go. oval:org.secpod.oval:def:125027 ORAS Go library. oval:org.secpod.oval:def:2600208 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... oval:org.secpod.oval:def:125025 Work with OCI registries, but for secure supply chain - managing content like artifacts, images, SBOM. oval:org.secpod.oval:def:2600226 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ... oval:org.secpod.oval:def:2600220 The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. oval:org.secpod.oval:def:125034 ORAS Go library. oval:org.secpod.oval:def:125032 Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Use Helm to: - Find and use popular software packaged as Helm Charts to run in Kubernetes - Share your own applications as Helm Charts - Create reproducible builds of your Kubernetes applications - Intell ... oval:org.secpod.oval:def:125039 Pretty print trees in Go. oval:org.secpod.oval:def:1506678 [2:1.11.2-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 - Related: #2124478 [2:1.11.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.11.1 - Related: #2124478 [2:1.11.0-1] - update to 1.11.0 release - Related: #2124478 [2:1.11.0-0. ... oval:org.secpod.oval:def:125038 ORAS Go library. oval:org.secpod.oval:def:125037 Work with OCI registries, but for secure supply chain - managing content like artifacts, images, SBOM. oval:org.secpod.oval:def:125036 Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Use Helm to: - Find and use popular software packaged as Helm Charts to run in Kubernetes - Share your own applications as Helm Charts - Create reproducible builds of your Kubernetes applications - Intell ... oval:org.secpod.oval:def:125040 ORAS Go library. oval:org.secpod.oval:def:2600197 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. oval:org.secpod.oval:def:507644 The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix: * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests * golang: crypto/tls: session tickets lack rando ... oval:org.secpod.oval:def:507688 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... oval:org.secpod.oval:def:507687 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix: * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests * golang ... oval:org.secpod.oval:def:1506644 [4.4.1-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/t ... oval:org.secpod.oval:def:1506688 [1:1.2.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: #2124478 oval:org.secpod.oval:def:507654 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ... oval:org.secpod.oval:def:1506777 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:19500061 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access contr ... oval:org.secpod.oval:def:2600256 Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. oval:org.secpod.oval:def:2501103 Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. oval:org.secpod.oval:def:89048917 This update for go1.18-openssl fixes the following issues: * Add subpackage go1.x-libstd compiled shared object libstd.so * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x packa ... oval:org.secpod.oval:def:1506674 cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release osbuild [81-1] - New upstream release [80-1] - New upstr ... oval:org.secpod.oval:def:507712 Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix: * golang: archive/tar: unbounded memory consumption when reading headers * golang: net/http/httputil: ReverseProxy should not forward unparseable qu ... oval:org.secpod.oval:def:1506557 delve [1.9.1-1.0.1] - Bump version of delve from 1.8.3 to 1.9.1 [1.8.3-1.0.1] - Bump version of delve from 1.7.2 to 1.8.3 [1.7.2-1.0.1] - Bump version of delve from 1.6.0 to 1.7.2, enable aarch64 [1.6.0-1.0.1] - Bump upstream version of delve from 1.5.0 to 1.6.0 [1.5.0-2.0.1] - Cherry pick 05508ea98 ... oval:org.secpod.oval:def:708103 golang-1.18: Go programming language compiler - metapackage Several security issues were fixed in Go. oval:org.secpod.oval:def:2600231 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. oval:org.secpod.oval:def:2501089 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. oval:org.secpod.oval:def:507646 Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix: * golang: archive/tar: unbounded memory consumption when reading headers * golang: net/http/httputil: ReverseProxy should not forward unparseable qu ... oval:org.secpod.oval:def:507723 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * golang: reg ... oval:org.secpod.oval:def:1506726 cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New up ... oval:org.secpod.oval:def:1506766 [3.2.0-2] - Rebuild with Golang-1.19.4 - Resolves: #2163744 [3.2.0-1] - Update to version 3.2.0 - Resolves: #2139382 [2.13.3-2] - Define %gobuild macro with proper ldflags - Related: rhbz#2021549 [2.13.3-1] - Update to version 2.13.3 - Fixed round brackets in Provides - Moved manpages.tgz to look-a- ... oval:org.secpod.oval:def:507652 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: net/http/httputil: Reve ... oval:org.secpod.oval:def:1506693 [3.2.0-1] - Update to 3.2.0 - Resolves: #2139383 [2.13.3-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.13.3-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [2.13.3-2] - Fixed name of source tarball - Fixed date in the latest changelog entry - Relate ... |