oval:org.secpod.oval:def:19500239 html/template: improper sanitization of CSS values. Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected ...
oval:org.secpod.oval:def:1701718 The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars. This does not impact usages of crypto/ecdsa or crypto/ecdh. HTTP and MIME header parsing could allocate large amounts of memory, even when parsing small inputs. ...
oval:org.secpod.oval:def:1601828 The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. http2/hpack: avoid quadratic complexity in hpack decoding. Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them ...
oval:org.secpod.oval:def:1601710 html/template: improper sanitization of CSS values. Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected ...
oval:org.secpod.oval:def:2108045 Oracle Solaris 11 - ( CVE-2023-24539 )
oval:org.secpod.oval:def:1506588 golang [1.19.9-2] - Fix TestEncryptOAEP and TLS failures in FIPS mode - Resolves: rhbz#2204476 [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204476 go-toolset [1.19.9-1] - Update to Go 1.19.9 - Related: rhbz#2204476
oval:org.secpod.oval:def:89048814 This update for go1.19 fixes the following issues: Update to 1.19.9: - CVE-2023-24539: fixed an improper sanitization of CSS values. - CVE-2023-24540: fixed an improper handling of JavaScript whitespace. - CVE-2023-29400: fixed an improper handling of empty HTML attributes. - runtime: automa ...
oval:org.secpod.oval:def:2501106 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
oval:org.secpod.oval:def:708218 golang-1.19: Go programming language compiler - metapackage - golang-1.20: Go programming language compiler - metapackage Several security issues were fixed in Go.
oval:org.secpod.oval:def:2600262 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
oval:org.secpod.oval:def:507776 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix: * golang: html/template: improper handling of JavaScript whitespace For more details about the security issue, in ...
oval:org.secpod.oval:def:507775 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: html/template: improper handling of JavaScript whitespace For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ...
oval:org.secpod.oval:def:4501428 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: html/template: improper handling of JavaScript whitespace For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ...
oval:org.secpod.oval:def:1506579 delve [1.9.1-1.0.1] - Disable DWARF compression which has issues [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204473 go-toolset [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204473
oval:org.secpod.oval:def:1701488 RESERVED NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E Golang: net/http, mime/multipart: denial of service from excessive resource consumption The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars. ...
oval:org.secpod.oval:def:90537 golang-1.19: Go programming language compiler - metapackage Several security issues were fixed in Go.
oval:org.secpod.oval:def:2600434 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.
oval:org.secpod.oval:def:508051 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ...
oval:org.secpod.oval:def:508074 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ...
oval:org.secpod.oval:def:508170 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents golang: html/template: improper handling of JavaScript whitespace net ...
oval:org.secpod.oval:def:2600393 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ...
oval:org.secpod.oval:def:2501244 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
oval:org.secpod.oval:def:1701863 The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. http2/hpack: avoid quadratic complexity in hpack decoding. Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them ...
oval:org.secpod.oval:def:2600427 The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
oval:org.secpod.oval:def:2600429 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
oval:org.secpod.oval:def:1701880 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023
oval:org.secpod.oval:def:508029 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix: golang: html/template: improper handling of JavaScript whitespace net/http, golang.org/x/net/ ...
oval:org.secpod.oval:def:508100 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML do ...
oval:org.secpod.oval:def:2501232 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
oval:org.secpod.oval:def:508206 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents golang: html/template: improper handling of JavaScript whitespace net ...
oval:org.secpod.oval:def:1701538 http2/hpack: avoid quadratic complexity in hpack decoding. Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 cli ...
oval:org.secpod.oval:def:1701857 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023
oval:org.secpod.oval:def:1701531 http2/hpack: avoid quadratic complexity in hpack decoding. Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 cli ...
oval:org.secpod.oval:def:1701893 Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a Go template action within a Javascript template literal, the contents of the action could be us ...
oval:org.secpod.oval:def:2600439 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ...