Download
| Alert*
oval:org.secpod.oval:def:509430
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data podman: golang: net/ http: mem ... oval:org.secpod.oval:def:509436 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ... oval:org.secpod.oval:def:509439 A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix: golang: net/ ... oval:org.secpod.oval:def:509442 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... oval:org.secpod.oval:def:1507583 [4.9.4-4.0.1] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat require ... oval:org.secpod.oval:def:1507580 [1.33.7-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 - Resolves: RHEL-28731 oval:org.secpod.oval:def:1507581 [6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves: RHEL-28388 oval:org.secpod.oval:def:1507584 [1:1.4.0-3] - rebuild for CVE-2023-45290 - Resolves: RHEL-28384 oval:org.secpod.oval:def:3302457 Security update for go1.22 oval:org.secpod.oval:def:2108552 Oracle Solaris 11 - ( CVE-2023-45289 ) oval:org.secpod.oval:def:89051622 This update for go1.21 fixes the following issues: * Upgrade go to version 1.21.8 * CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect * CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm * CVE-2024-24783: cry ... oval:org.secpod.oval:def:509382 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS golang: net/http/cook ... oval:org.secpod.oval:def:509304 The golang packages provide the Go programming language compiler. Security Fix: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads golang: net/ http: memory exhaustion in Request.ParseMultipartForm golang: net/http/cookiejar: incorrect forwarding of sensitive headers ... oval:org.secpod.oval:def:509388 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirec ... oval:org.secpod.oval:def:19500715 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no mem ... oval:org.secpod.oval:def:1507512 [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32570, RHEL-28385, RHEL-28402, RHEL-28432 oval:org.secpod.oval:def:2501448 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. oval:org.secpod.oval:def:2600604 The golang packages provide the Go programming language compiler. oval:org.secpod.oval:def:1702297 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no mem ... oval:org.secpod.oval:def:5800254 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS * golang: net/http/ ... oval:org.secpod.oval:def:2600624 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. oval:org.secpod.oval:def:5800237 The golang packages provide the Go programming language compiler. Security Fix: * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads * golang: net/http: memory exhaustion in Request.ParseMultipartForm * golang: net/http/cookiejar: incorrect forwarding of sensitive hea ... oval:org.secpod.oval:def:2501430 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. oval:org.secpod.oval:def:1507500 [1.21.9-2] - Rebuilt for z-stream - Related: RHEL-24312 - Related: RHEL-28940 [1.21.9-1] - Fix CVE-2024-1394 - Fix CVE-2023-45288 - Resolves RHEL-24312 - Resolves RHEL-28940 [1.21.7-1] - Rebase to Go 1.21.7 - Set GOTOOLCHAIN to local - Resolves: RHEL-24334 - Resolves: RHEL-18364 - Resolves: RHEL-183 ... oval:org.secpod.oval:def:1507561 delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 oval:org.secpod.oval:def:509317 Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS golang: net/http/cook ... oval:org.secpod.oval:def:1507542 [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves: RHEL-17102 oval:org.secpod.oval:def:2600655 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. oval:org.secpod.oval:def:2600654 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ... oval:org.secpod.oval:def:2600648 A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. oval:org.secpod.oval:def:2600652 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... |