http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723)
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid RequestHost or RequestURLHost valu ...
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can res ...
Description: A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks agains ...
Synopsis
Important: Cryostat security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available ...
Synopsis
Moderate: podman security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated th ...
Synopsis
Moderate: container-tools:40 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for the container-tools:40 module is now available for Red Hat Enterprise Linux 8. Red Hat Produc ...
Synopsis
Important: OpenShift Container Platform 41245 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41245 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShi ...
Synopsis
Important: OpenShift Container Platform 41324 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41324 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Ha ...
Synopsis
Important: go-toolset:rhel8 security update
Type/Severity
Security Advisory: Important
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has r ...
Synopsis
Moderate: OpenShift Container Platform 41410 packages and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 41410 is now available with updates to pac ...
Synopsis
Important: Release of OpenShift Serverless 1302
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Serverless version 1302 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit ...
Synopsis
Important: OpenShift Container Platform 4142 packages and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4142 is now available with updates to pac ...
Synopsis
Important: Network Observability security update
Type/Severity
Security Advisory: Important
Topic
An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-opera ...
Synopsis
Important: Logging Subsystem 577 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Important
Topic
Logging Subsystem 577 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...
Synopsis
Important: Logging Subsystem 5612 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Important
Topic
Logging Subsystem 5612 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Synopsis
Important: Red Hat OpenStack Platform 1625 security update
Type/Severity
Security Advisory: Important
Topic
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 1625. Red Hat Produ ...
Synopsis
Important: Service Telemetry Framework 152 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Service Telemetry Framework 152. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis
Important: Release of OpenShift Serverless Client kn 1302 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Serverless 1302 is now available. Red Hat Product Security has rated ...
Synopsis
Important: go-toolset and golang security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Sec ...
Synopsis
Important: OpenShift Container Platform 41322 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41322 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis
Important: OpenShift Container Platform 4142 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4142 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Synopsis
Important: OpenShift Container Platform 4144 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4144 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Synopsis
Moderate: containernetworking-plugins security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat P ...
Synopsis
Moderate: skopeo security update
Type/Severity
Security Advisory: Moderate
Topic
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a secu ...
Synopsis
Moderate: toolbox security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for toolbox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as ...
Synopsis
Moderate: buildah security update
Type/Severity
Security Advisory: Moderate
Topic
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a se ...
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid RequestHost or RequestURLHost value (CVE-2023-29406) ...
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which expli ...