Download
| Alert*
oval:org.secpod.oval:def:509240
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix: golang: net/http/internal: Denial of Service via Resource Consumption via HTTP requests gola ... oval:org.secpod.oval:def:2600612 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ... oval:org.secpod.oval:def:509121 The rhc-worker-script packages provide Remote Host Configuration worker for executing an interpreted programming language script on hosts managed by Red Hat Insights. Security Fix: golang: net/http/internal: Denial of Service via Resource Consumption via HTTP requests For more details about the s ... oval:org.secpod.oval:def:19500582 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes f ... oval:org.secpod.oval:def:2501339 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. oval:org.secpod.oval:def:2600570 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. oval:org.secpod.oval:def:509122 The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix: golang: net/http/internal: Denial of Service via Resource Consumption via HTTP requests For more details about the security issue, i ... oval:org.secpod.oval:def:19500589 AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ... oval:org.secpod.oval:def:509246 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ... oval:org.secpod.oval:def:1702111 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could le ... oval:org.secpod.oval:def:1702195 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes f ... oval:org.secpod.oval:def:1702061 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes f ... oval:org.secpod.oval:def:2108479 Oracle Solaris 11 - ( CVE-2023-45285 ) oval:org.secpod.oval:def:19500630 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:2600583 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... oval:org.secpod.oval:def:509255 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix: golang: html/template: improper handling of HTML-like comments within script contexts golang ... oval:org.secpod.oval:def:1507368 buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman [2:4.0.2-26] - rebuild with golang 1.20.12 for CVE-2023-39326 python-podman runc [1:1.1.12-1.0.1] - rebuild with golang 1.20.12 for CVE-2023-393 ... oval:org.secpod.oval:def:19500549 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:19500701 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:1702024 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:3302102 Security update for go1.20 oval:org.secpod.oval:def:1702101 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could le ... oval:org.secpod.oval:def:1702267 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:3302105 Security update for go1.21-openssl oval:org.secpod.oval:def:1601870 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:2600513 The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. oval:org.secpod.oval:def:2600595 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. oval:org.secpod.oval:def:1507371 [1.20.12-1] - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326 oval:org.secpod.oval:def:1507493 buildah [1.24.7-1] - bump to v1.24.7 - Resolves: RHEL-26767 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman python-podman runc [1.1.12-1.0.1] - rebuild with golang 1.20.12 for CVE-2023-39326 skopeo sl ... oval:org.secpod.oval:def:509107 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: golang: net/http/internal: Denial of Service via Resource Consumption via HTTP requests golang: cmd/go: Protocol Fallback when fetching modules For more details about the securi ... oval:org.secpod.oval:def:509228 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... oval:org.secpod.oval:def:3302172 Security update for go1.21 oval:org.secpod.oval:def:2501323 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:127027 The Go Programming Language. oval:org.secpod.oval:def:3302135 Security update for go1.20-openssl oval:org.secpod.oval:def:509393 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect golang: math/big.Rat: may cause a panic or an unrecoverable fatal err ... oval:org.secpod.oval:def:509030 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: runc: file descriptor leak A Red Hat Security Bulletin which addresses further details about the Leaky Vessels flaw is available in the References section. golang: net/ht ... oval:org.secpod.oval:def:509110 The golang packages provide the Go programming language compiler. Security Fix: golang: net/http/internal: Denial of Service via Resource Consumption via HTTP requests golang: cmd/go: Protocol Fallback when fetching modules For more details about the security issue, including the impact, a CVSS s ... oval:org.secpod.oval:def:708697 golang-1.20: Go programming language compiler - golang-1.21: Go programming language compiler Several security issues were fixed in Go. oval:org.secpod.oval:def:1507381 [2:1.13.3-4] - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service via Resource Consumption via HTTP requests oval:org.secpod.oval:def:1507340 delve [1.20.2-1.0.1] - Disable DWARF compression which has issues [1.20.2-1] - Rebase to 1.20.2 - Resolves: rhbz#2186495 golang [1.20.12-1] - Update to Go 1.20.12 - Fix CVE-2023-39326 CVE-2023-45285 go-toolset [1.20.12-1] - Update to Go 1.20.12 - CVE-2023-39326 golang: net/http/internal: Denial of ... oval:org.secpod.oval:def:19500733 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:19500732 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:98655 golang-1.20: Go programming language compiler - golang-1.21: Go programming language compiler Several security issues were fixed in Go. oval:org.secpod.oval:def:19500698 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:19500609 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:1702124 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... oval:org.secpod.oval:def:2600515 The golang packages provide the Go programming language compiler. oval:org.secpod.oval:def:1702284 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ... |