CVE-2022-41717 (GCVE-0-2022-41717)
Vulnerability from cvelistv5 – Published: 2022-12-08 19:03 – Updated: 2025-02-13 16:33
- CWE 400: Uncontrolled Resource Consumption
| Vendor | Product | Version |
|---|---|---|
| Go standard library | net/http | Affected: 0, < 1.18.9 (semver); Affected: 1.19.0-0, < 1.19.4 (semver) |
| golang.org/x/net | golang.org/x/net/http2 | Affected: 0, < 0.4.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230120-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/56350"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/455717"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/455635"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2serverConn.canonicalHeader"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "http2Server.ServeConn"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.18.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.19.4",
"status": "affected",
"version": "1.19.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "serverConn.canonicalHeader"
},
{
"name": "Server.ServeConn"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Josselin Costanzi"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T02:06:25.182Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/56350"
},
{
"url": "https://go.dev/cl/455717"
},
{
"url": "https://go.dev/cl/455635"
},
{
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
}
],
"title": "Excessive memory growth in net/http and golang.org/x/net/http2"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-41717",
"datePublished": "2022-12-08T19:03:53.161Z",
"dateReserved": "2022-09-28T17:00:06.608Z",
"dateUpdated": "2025-02-13T16:33:08.284Z",
"requesterUserId": "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-41717",
"date": "2026-06-20",
"epss": "0.05623",
"percentile": "0.9194"
}
}
}
RHSA-2023:1448
Vulnerability from csaf_redhat - Published: 2023-03-23 17:47 - Updated: 2026-06-02 17:38
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le | — | | Vendor Fix (fix) |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le | — | ||

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.3.2\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers container images for the release.\n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1448",
"url": "https://access.redhat.com/errata/RHSA-2023:1448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "OSSM-1330",
"url": "https://issues.redhat.com/browse/OSSM-1330"
},
{
"category": "external",
"summary": "OSSM-2342",
"url": "https://issues.redhat.com/browse/OSSM-2342"
},
{
"category": "external",
"summary": "OSSM-2371",
"url": "https://issues.redhat.com/browse/OSSM-2371"
},
{
"category": "external",
"summary": "OSSM-2373",
"url": "https://issues.redhat.com/browse/OSSM-2373"
},
{
"category": "external",
"summary": "OSSM-2374",
"url": "https://issues.redhat.com/browse/OSSM-2374"
},
{
"category": "external",
"summary": "OSSM-2492",
"url": "https://issues.redhat.com/browse/OSSM-2492"
},
{
"category": "external",
"summary": "OSSM-2493",
"url": "https://issues.redhat.com/browse/OSSM-2493"
},
{
"category": "external",
"summary": "OSSM-3317",
"url": "https://issues.redhat.com/browse/OSSM-3317"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1448.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.2 security update",
"tracking": {
"current_release_date": "2026-06-02T17:38:32+00:00",
"generator": {
"date": "2026-06-02T17:38:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1448",
"initial_release_date": "2023-03-23T17:47:08+00:00",
"revision_history": [
{
"date": "2023-03-23T17:47:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T17:47:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:38:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.3 for RHEL 8",
"product": {
"name": "RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.2-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.6-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.2-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.2-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T17:47:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1448"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:b84c8f922f4fdf1fafcc39d54f067ac2b195d5eb9a49271e7a72ee2623beee5b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:e7208fafea3cabd16b976aba8ec649fee589477de3f85faa8c05783f4fb5222c_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0efbfe363d9104480489e0c431ae264f91d4ec432b1f14feccde3a3a1067013b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:0f36d61ab5401d75c227a4b433bedc7f85f1105d91c6993f446ff16a2b61d01a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c59da7a08a8d5cb7f6e55b004abf176b90b98bc9543258e193a16704fe3f3a25_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e9a383779773f4639d5465fa207c5f90eb0e19a9e51167d3427dcf03c53786e6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:c18406727f0b0c50873f9db2fcd9922e845bdaa0cbc35b79f70a8214e5a27359_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:ad56935d5b58add2e96d76217ffdc29fa86a549e95cd981e119dfe05d5d7084e_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:f1c2b832d9dcda35e7eda92e3c81ad86956b8a4e02cf0fd465bc719549f8d317_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:1529
Vulnerability from csaf_redhat - Published: 2023-03-30 00:42 - Updated: 2026-06-20 19:28
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the invalid header.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scalar input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in golang. Calling the Reader.Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This could allow an attacker to impact availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Workaround
|
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Service Telemetry Framework 1.5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1529",
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2092544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092544"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2176537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176537"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1529.json"
}
],
"title": "Red Hat Security Advisory: Service Telemetry Framework 1.5 security update",
"tracking": {
"current_release_date": "2026-06-20T19:28:58+00:00",
"generator": {
"date": "2026-06-20T19:28:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2023:1529",
"initial_release_date": "2023-03-30T00:42:39+00:00",
"revision_history": [
{
"date": "2023-03-30T00:42:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-30T00:42:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-20T19:28:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Service Telemetry Framework 1.5 for RHEL 8",
"product": {
"name": "Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stf:1.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"product": {
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"product_id": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f?arch=amd64\u0026repository_url=registry.redhat.io/stf/prometheus-webhook-snmp-rhel8\u0026tag=1.5.2-2"
}
}
},
{
"category": "product_version",
"name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"product": {
"name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"product_id": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"product_identification_helper": {
"purl": "pkg:oci/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-operator-bundle\u0026tag=1.5.1678301890-1"
}
}
},
{
"category": "product_version",
"name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"product": {
"name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"product_id": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-rhel8-operator\u0026tag=1.5.1-2"
}
}
},
{
"category": "product_version",
"name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"product": {
"name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"product_id": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-bridge-rhel8\u0026tag=1.5.0-12"
}
}
},
{
"category": "product_version",
"name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"product": {
"name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"product_id": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-core-rhel8\u0026tag=5.1.1-2"
}
}
},
{
"category": "product_version",
"name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"product": {
"name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"product_id": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"product_identification_helper": {
"purl": "pkg:oci/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-operator-bundle\u0026tag=5.0.1678301890-1"
}
}
},
{
"category": "product_version",
"name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"product": {
"name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"product_id": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"product_identification_helper": {
"purl": "pkg:oci/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-rhel8-operator\u0026tag=5.0.1-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64"
},
"product_reference": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64"
},
"product_reference": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64"
},
"product_reference": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64"
},
"product_reference": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
},
"product_reference": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64"
},
"product_reference": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
},
"product_reference": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:1816
Vulnerability from csaf_redhat - Published: 2023-04-17 22:34 - Updated: 2026-06-02 17:38

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le | — | ||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [backport 4.12] s3 sync directory to a bucket fails with Internal Error in between the upload operation (BZ#2170416)\n\n* [4.12 clone] [Noobaa] Secrets are used in env variables (BZ#2171968)\n\n* [Backport to 4.12.z] Placeholder bug to backport the odf changes for Managed services epic RHSTOR-2442 to 4.12.z (BZ#2174335)\n\n* [ODF 4.12] Missing the status-reporter binary causing pods \"report-status-to-provider\" remain in CreateContainerError on ODF to ODF cluster on ROSA (BZ#2179978)\n\n* [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2 noticed 2 token-exchange-agent pods on managed clusters and one of them on CBLO (BZ#2183198)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1816",
"url": "https://access.redhat.com/errata/RHSA-2023:1816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2171968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171968"
},
{
"category": "external",
"summary": "2174335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174335"
},
{
"category": "external",
"summary": "2175365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175365"
},
{
"category": "external",
"summary": "2179978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179978"
},
{
"category": "external",
"summary": "2183198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183198"
},
{
"category": "external",
"summary": "2186455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186455"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1816.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update",
"tracking": {
"current_release_date": "2026-06-02T17:38:36+00:00",
"generator": {
"date": "2026-06-02T17:38:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1816",
"initial_release_date": "2023-04-17T22:34:01+00:00",
"revision_history": [
{
"date": "2023-04-17T22:34:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-17T22:34:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:38:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHODF 4.12 for RHEL 8",
"product": {
"name": "RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le",
"product_id": "odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le",
"product_id": "odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le",
"product_id": "odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le",
"product_id": "odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le",
"product_id": "odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le",
"product_id": "odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le",
"product": {
"name": "odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le",
"product_id": "odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.12.2-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le",
"product": {
"name": "odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le",
"product_id": "odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le",
"product_id": "odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le",
"product_id": "odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le",
"product_id": "odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.12.2-2"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.12.2-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x",
"product_id": "odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x",
"product_id": "odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x",
"product_id": "odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x",
"product_id": "odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x",
"product_id": "odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x",
"product_id": "odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x",
"product": {
"name": "odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x",
"product_id": "odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.12.2-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x",
"product": {
"name": "odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x",
"product_id": "odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x",
"product_id": "odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x",
"product_id": "odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x",
"product_id": "odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.12.2-2"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.12.2-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64",
"product_id": "odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64",
"product_id": "odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64",
"product_id": "odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64",
"product_id": "odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64",
"product_id": "odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64",
"product_id": "odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64",
"product": {
"name": "odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64",
"product_id": "odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.12.2-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64",
"product": {
"name": "odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64",
"product_id": "odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64",
"product_id": "odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.12.2-1"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64",
"product_id": "odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.12.2-4"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64",
"product_id": "odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.12.2-2"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.12.2-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x"
},
"product_reference": "odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le"
},
"product_reference": "odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64"
},
"product_reference": "odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x"
},
"product_reference": "odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le"
},
"product_reference": "odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64"
},
"product_reference": "odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x"
],
"known_not_affected": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-17T22:34:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1816"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:02a45a4526c44cd9723abb0e155a627cd0d7e827dc11e4679ddab1067cf82239_amd64",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:26cd66e3c1b82d8466b45ad04821c15a570ecb4527f5b21e7b80e8c2addc7779_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:ec31241541e2abd78bf8cf2a627c7c2372f613462f450f244b5652de4f84be75_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:8e832ccabcce01c544a66a8f0dce82bf817fbb57b9c32f9d08fb6648615017a8_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:b6259101dd506a40cf2ada869a74c6dfee70c962ef33059beb93a566fc6a7352_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:f870f0e1c9101cc1235955958132cdccc4239a394a91b794f9c7d1076a831fc3_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:ae25765423b3c26edbf244565fda9bb803f3f88806e5ad7351e7eea5249dab32_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b359aa18d0e121a5a8806c3bfcab145a432068d96023e1dfb6c0ff61729530ed_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:c8d9b5a89e1855d531c36376b746dd04a7bdcce04b756a5e0575eb607cd4c5fb_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:571a9816824bd780addd14bdebdfa33d6e2dae774d2eaf3ce4598f77c5d2f46c_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:6e707cf70c75e3ffe056c741e8f8a743f9274c31136e1e6b0d54849f97f9e839_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:780f21748e8a2e93c825b73dfa339a10eb40ed118440ec1e6463f18be050660b_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:02aa79c70cdd7d6705901a0251ee034d6f99babffd6b53d284b2887977da56a2_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:0c16859624d28c4ead088206ffe90a931950846a3f468ffe4180384fafb2e914_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6f263c6ff6c9eb52d5a74977705357422750016f0e20aa5b4f0a2758ae2bf714_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:d9869214ad82dbe0822c6d2fc6e68d3cc5f136eea360c6aa35ef80fc042e0e4f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:e4a184006675f2b90d4d61dff86314567926a462221d719d4f49b5aa539fd4d7_amd64",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:f8bb8fc209169c07136bf564d008dc945022d91a2b9701a2c26a8c9e119e48ae_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:1ceee23741fdbd8ea57c896394b7907a0d085747761aaff7499f9acd3da12c05_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7eb94cbe7c3c3beb5b0b578a594db5b21952a917b80d5d144fd131983136f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:df37316320641fb32a777267be06ffcf40fac7c5e18347f9082b1ca16e64e6fb_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:aa296e043b81a7a56f50a030f145fc3ef29f5a5cd629b2e443ae4ebd4a579949_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b79e124c25a496d6faf8cb4fc2b6c6cfc16168a375ab74d646aeb47b7d313432_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:f3febb8c575c0008630db316cd445ebfeb4cf22729109d29649e90835cf9864a_s390x",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:05ded1646a55559834a7b5b73efe4cc75eb5766dacbd13625ac762f6b653cd06_s390x",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:06fcb2723384a47645b02b1e5bf204ee164c237d5858d54dcdf824a3ed0dbb92_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:9f618cd8acce0a97eb6da2bd07a198a5ea6dde4f89aed5d3db690e693b934e7b_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:a03151222a299e9994de4e490169f326fe97b770966e37107d6615e4f8e5ed54_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c749a20a95dd9a2d494c6850269da4c785a991f7f8315f284eb40a009012fad8_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:eb9a4f71876b95ae09ff265bd775213e5ab5a0a52df72b0e81a235ef9b4dfa0c_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:34c31af6bc9075c1e87707424bbd73b2cd958a60a66c6ab2b0b9d0dd5cf43d71_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:81d995804e8323c5d3f8d97e4cfe3994f8557a570d95ef54d3a3fdb92983e36a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:dddbe73a0d0cb9cffef5cfe6c29d2fe5b1c47af44e461958dd40a7b1be7655d4_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:0ef01ac2d319f6316a471a598c228b548496c34f65ac3408b7972a04b0322e9d_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:279143d15ee81346544f3d349c31ceca4a961b7a0335ef244897b6f9539b0853_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ab6ef8e5bac5ed45620fd70046fae897edf2cb4c3f979f143925ff25e39573fe_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:2c3875c244464a22072601e67a8f823f668e184f5409a00ddbb76c210d16c308_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:f233577ffe579fe96f2bc5e40b31c503d07c1286a4552d13817f29e32a630bbf_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:f91d25a2921acf5dd00c1e02d5004369fb774ac35e74d2ca700707463abc3de9_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:3b6baf191b4c18ab9919b2fdb466fff213423a317a7a4693e8c6b6bbe49fad0e_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:5ff129c7bd9895bd061b3f909dfa618a39de63c1a8962909fbd276ddb3cc0eac_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:ce1e95332f5a1f26fda686689524434440cfaf79157b03e19bc6d5a8174ba08c_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:457dc81080a0b9eb0920edf2f4b485b004bd052b2aed5f67271deeface6d5bcb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:4882968a8b7e1409be1ffa26de6f7f8d07d381e2b43f79ce7a48b3ac9a6eb31e_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:5eacb98798e5cdb5230cabc933e73274a97fe4c1e08b2c56f830577ec86461c5_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:5b2c4038514d3ad2a50a0f1ff69d8bb1b63f68dc0a65cc59d84992544b129748_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:d5cb1e7b977ac06f3d135b75039f5e7d9b72712fb56da46b3197934468087089_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:ed4edaaa3aff9484ad8edf73b79674239b08e46b47783a32c2cdd30580a76f65_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:548824cea11b74bd3cf029362e0af7ca4e274106536969e06100ed4d8e04c2ae_ppc64le",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:93687d26b46bc7de5341a5e11a8040fcf47faaf8a21ce6dfd2128a00ede4ba40_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:ab710ac2f356c8328dddbd1471b0952ffd529de61630dd0d3702e8f9ab17834a_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:08fb694a868637cc78da5d9a9a7de71c8f36ce54a8a66860aac95c9434207b80_amd64",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:34a6065837c1298716257cf0d393d2976d617442690ef476d18f582d179f933f_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:ea93d88a9abce4772f7fea2e1833d708f70261c99e4954fd1917d8ee8af3105e_s390x",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:1c069d2e9b67ebcbaf69d6410556a52acdb54e2eb40fa6894bc849c7786d9453_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:38d189fb8c68a5c1566fb87fc80c633ee21d351a9905cfb17d4585d70b448750_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:a10ee5a6d0925df1836742715253826171f698655c4977ae2825bdab4eb19288_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:120ed6dbb7c2001e81ba53ec2a64f5ee8e5108ff65ffbda481cb37b8c548e40f_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:127ede6c4d4e1d9e1e3639a7002b220e8b5610a0dbb86439f0fd21d7f2a60061_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:43b8ec1e8a4064044087ddfe6f69923bce5760fd6584796b658d91ae5a578af1_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:a471ad0f59a27bd83a72f56016a53385692b23311ee37e74ae89a067fa931b49_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:a7a9d2468137c9c37acd96f3754088186491317d90537c6f90cf7a24bbe99ca3_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:e1c44a717f76e99f94453222c26c11122a12ff1257b52a5df5e2f298f648d7fc_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:1817
Vulnerability from csaf_redhat - Published: 2023-04-18 01:01 - Updated: 2026-06-14 08:44
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 | — | Vendor Fix fix | |
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 | — | Vendor Fix fix | |
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 | — | Vendor Fix fix | |
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 | — | Vendor Fix fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 | — |
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 | — | Vendor Fix fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 | — |
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 | — | Vendor Fix fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.2.0 for OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Network Observability 1.2.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent.\n\nThe operator provides dashboards, metrics, and keeps flows accessible in a\nqueryable log store, Grafana Loki. When a FlowCollector is deployed, new\ndashboards are available in the Console.\n\nThis update contains bug fixes.\n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1817",
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "NETOBSERV-142",
"url": "https://issues.redhat.com/browse/NETOBSERV-142"
},
{
"category": "external",
"summary": "NETOBSERV-350",
"url": "https://issues.redhat.com/browse/NETOBSERV-350"
},
{
"category": "external",
"summary": "NETOBSERV-521",
"url": "https://issues.redhat.com/browse/NETOBSERV-521"
},
{
"category": "external",
"summary": "NETOBSERV-617",
"url": "https://issues.redhat.com/browse/NETOBSERV-617"
},
{
"category": "external",
"summary": "NETOBSERV-658",
"url": "https://issues.redhat.com/browse/NETOBSERV-658"
},
{
"category": "external",
"summary": "NETOBSERV-684",
"url": "https://issues.redhat.com/browse/NETOBSERV-684"
},
{
"category": "external",
"summary": "NETOBSERV-696",
"url": "https://issues.redhat.com/browse/NETOBSERV-696"
},
{
"category": "external",
"summary": "NETOBSERV-755",
"url": "https://issues.redhat.com/browse/NETOBSERV-755"
},
{
"category": "external",
"summary": "NETOBSERV-772",
"url": "https://issues.redhat.com/browse/NETOBSERV-772"
},
{
"category": "external",
"summary": "NETOBSERV-774",
"url": "https://issues.redhat.com/browse/NETOBSERV-774"
},
{
"category": "external",
"summary": "NETOBSERV-785",
"url": "https://issues.redhat.com/browse/NETOBSERV-785"
},
{
"category": "external",
"summary": "NETOBSERV-793",
"url": "https://issues.redhat.com/browse/NETOBSERV-793"
},
{
"category": "external",
"summary": "NETOBSERV-844",
"url": "https://issues.redhat.com/browse/NETOBSERV-844"
},
{
"category": "external",
"summary": "NETOBSERV-857",
"url": "https://issues.redhat.com/browse/NETOBSERV-857"
},
{
"category": "external",
"summary": "NETOBSERV-868",
"url": "https://issues.redhat.com/browse/NETOBSERV-868"
},
{
"category": "external",
"summary": "NETOBSERV-889",
"url": "https://issues.redhat.com/browse/NETOBSERV-889"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1817.json"
}
],
"title": "Red Hat Security Advisory: Network observability 1.2.0 for Openshift",
"tracking": {
"current_release_date": "2026-06-14T08:44:57+00:00",
"generator": {
"date": "2026-06-14T08:44:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2023:1817",
"initial_release_date": "2023-04-18T01:01:18+00:00",
"revision_history": [
{
"date": "2023-04-18T01:01:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-18T01:01:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-14T08:44:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.2 for RHEL 9",
"product": {
"name": "NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.2.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.2.0-19"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.2.0-12"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.2.0-14"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.2.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.2.0-27"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-18T01:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
},
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-18T01:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2022-41725",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178488"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41725"
},
{
"category": "external",
"summary": "RHBZ#2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725"
},
{
"category": "external",
"summary": "https://go.dev/cl/468124",
"url": "https://go.dev/cl/468124"
},
{
"category": "external",
"summary": "https://go.dev/issue/58006",
"url": "https://go.dev/issue/58006"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1569",
"url": "https://pkg.go.dev/vuln/GO-2023-1569"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-18T01:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
}
]
}
RHSA-2023:2204
Vulnerability from csaf_redhat - Published: 2023-05-09 10:11 - Updated: 2026-06-20 07:30
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — | Vendor Fix fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
A flaw was found in the golang package, where requests forwarded by the reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the reverse proxy's Director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size, but in some cases the constant factor can be as high as 40,000, making a relatively small regexp consume much larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.\n\nSecurity Fix(es):\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2204",
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2119980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119980"
},
{
"category": "external",
"summary": "2122843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122843"
},
{
"category": "external",
"summary": "2123373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123373"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125249"
},
{
"category": "external",
"summary": "2132250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132250"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2136504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136504"
},
{
"category": "external",
"summary": "2137364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137364"
},
{
"category": "external",
"summary": "2139645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139645"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2164560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164560"
},
{
"category": "external",
"summary": "2174158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174158"
},
{
"category": "external",
"summary": "2177699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177699"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2204.json"
}
],
"title": "Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-06-20T07:30:15+00:00",
"generator": {
"date": "2026-06-20T07:30:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2023:2204",
"initial_release_date": "2023-05-09T10:11:21+00:00",
"revision_history": [
{
"date": "2023-05-09T10:11:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:11:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-20T07:30:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.src",
"product": {
"name": "weldr-client-0:35.9-1.el9.src",
"product_id": "weldr-client-0:35.9-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "osbuild-0:81-1.el9.src",
"product": {
"name": "osbuild-0:81-1.el9.src",
"product_id": "osbuild-0:81-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild@81-1.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "cockpit-composer-0:45-1.el9_2.src",
"product": {
"name": "cockpit-composer-0:45-1.el9_2.src",
"product_id": "cockpit-composer-0:45-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-composer@45-1.el9_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.src",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.src",
"product_id": "osbuild-composer-0:76-2.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-0:35.9-1.el9.s390x",
"product_id": "weldr-client-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-0:81-1.el9.noarch",
"product": {
"name": "osbuild-0:81-1.el9.noarch",
"product_id": "osbuild-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-luks2-0:81-1.el9.noarch",
"product": {
"name": "osbuild-luks2-0:81-1.el9.noarch",
"product_id": "osbuild-luks2-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-luks2@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-lvm2-0:81-1.el9.noarch",
"product": {
"name": "osbuild-lvm2-0:81-1.el9.noarch",
"product_id": "osbuild-lvm2-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-lvm2@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-ostree-0:81-1.el9.noarch",
"product": {
"name": "osbuild-ostree-0:81-1.el9.noarch",
"product_id": "osbuild-ostree-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-ostree@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-selinux-0:81-1.el9.noarch",
"product": {
"name": "osbuild-selinux-0:81-1.el9.noarch",
"product_id": "osbuild-selinux-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-selinux@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-osbuild-0:81-1.el9.noarch",
"product": {
"name": "python3-osbuild-0:81-1.el9.noarch",
"product_id": "python3-osbuild-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-osbuild@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "cockpit-composer-0:45-1.el9_2.noarch",
"product": {
"name": "cockpit-composer-0:45-1.el9_2.noarch",
"product_id": "cockpit-composer-0:45-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-composer@45-1.el9_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-composer-0:45-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch"
},
"product_reference": "cockpit-composer-0:45-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-composer-0:45-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src"
},
"product_reference": "cockpit-composer-0:45-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch"
},
"product_reference": "osbuild-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-0:81-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-0:81-1.el9.src"
},
"product_reference": "osbuild-0:81-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-luks2-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch"
},
"product_reference": "osbuild-luks2-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-lvm2-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch"
},
"product_reference": "osbuild-lvm2-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-ostree-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch"
},
"product_reference": "osbuild-ostree-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-selinux-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch"
},
"product_reference": "osbuild-selinux-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-osbuild-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
},
"product_reference": "python3-osbuild-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src"
},
"product_reference": "weldr-client-0:35.9-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by the reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy\u0027s director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2222
Vulnerability from csaf_redhat - Published: 2023-05-09 10:10 - Updated: 2026-06-02 17:38
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for conmon is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Conmon is an OCI container runtime monitor.\n\nSecurity Fix(es):\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2222",
"url": "https://access.redhat.com/errata/RHSA-2023:2222"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2129080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129080"
},
{
"category": "external",
"summary": "2154417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154417"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2173697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173697"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2222.json"
}
],
"title": "Red Hat Security Advisory: conmon security and bug fix update",
"tracking": {
"current_release_date": "2026-06-02T17:38:36+00:00",
"generator": {
"date": "2026-06-02T17:38:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2222",
"initial_release_date": "2023-05-09T10:10:29+00:00",
"revision_history": [
{
"date": "2023-05-09T10:10:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:10:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:38:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.src",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.src",
"product_id": "conmon-2:2.1.7-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.aarch64",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.aarch64",
"product_id": "conmon-2:2.1.7-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.ppc64le",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.ppc64le",
"product_id": "conmon-2:2.1.7-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.x86_64",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.x86_64",
"product_id": "conmon-2:2.1.7-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.s390x",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.s390x",
"product_id": "conmon-2:2.1.7-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2222"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2236
Vulnerability from csaf_redhat - Published: 2023-05-09 10:03 - Updated: 2026-06-20 19:28
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for toolbox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\n\nSecurity Fix(es):\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2236",
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2033282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033282"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2163752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2236.json"
}
],
"title": "Red Hat Security Advisory: toolbox security and bug fix update",
"tracking": {
"current_release_date": "2026-06-20T19:28:59+00:00",
"generator": {
"date": "2026-06-20T19:28:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2023:2236",
"initial_release_date": "2023-05-09T10:03:47+00:00",
"revision_history": [
{
"date": "2023-05-09T10:03:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:03:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-20T19:28:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.src",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.src",
"product_id": "toolbox-0:0.0.99.3-9.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GobDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2253
Vulnerability from csaf_redhat - Published: 2023-05-09 09:52 - Updated: 2026-06-02 17:38
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64 | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x | — | | Vendor Fix fix |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64 | — | | Vendor Fix fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2253",
"url": "https://access.redhat.com/errata/RHSA-2023:2253"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2142494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142494"
},
{
"category": "external",
"summary": "2150429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150429"
},
{
"category": "external",
"summary": "2151247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151247"
},
{
"category": "external",
"summary": "2152001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152001"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2166225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166225"
},
{
"category": "external",
"summary": "2182315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182315"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2253.json"
}
],
"title": "Red Hat Security Advisory: buildah security and bug fix update",
"tracking": {
"current_release_date": "2026-06-02T17:38:38+00:00",
"generator": {
"date": "2026-06-02T17:38:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2253",
"initial_release_date": "2023-05-09T09:52:10+00:00",
"revision_history": [
{
"date": "2023-05-09T09:52:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T09:52:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:38:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.src",
"product": {
"name": "buildah-1:1.29.1-1.el9.src",
"product_id": "buildah-1:1.29.1-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-tests-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-tests-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-1:1.29.1-1.el9.s390x",
"product_id": "buildah-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.s390x",
"product_id": "buildah-tests-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src"
},
"product_reference": "buildah-1:1.29.1-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:52:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2253"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:52:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2253"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2282
Vulnerability from csaf_redhat - Published: 2023-05-09 10:01 - Updated: 2026-06-02 17:38

A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.

CWE-331 - Insufficient Entropy

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2282",
"url": "https://access.redhat.com/errata/RHSA-2023:2282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "1998676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998676"
},
{
"category": "external",
"summary": "2078411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078411"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2105173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105173"
},
{
"category": "external",
"summary": "2123251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123251"
},
{
"category": "external",
"summary": "2141019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141019"
},
{
"category": "external",
"summary": "2149774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149774"
},
{
"category": "external",
"summary": "2150430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150430"
},
{
"category": "external",
"summary": "2152023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152023"
},
{
"category": "external",
"summary": "2152736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152736"
},
{
"category": "external",
"summary": "2153894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153894"
},
{
"category": "external",
"summary": "2158472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158472"
},
{
"category": "external",
"summary": "2158632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158632"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2166091",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166091"
},
{
"category": "external",
"summary": "2182821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182821"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2282.json"
}
],
"title": "Red Hat Security Advisory: podman security and bug fix update",
"tracking": {
"current_release_date": "2026-06-02T17:38:38+00:00",
"generator": {
"date": "2026-06-02T17:38:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2282",
"initial_release_date": "2023-05-09T10:01:45+00:00",
"revision_history": [
{
"date": "2023-05-09T10:01:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:01:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:38:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.src",
"product": {
"name": "podman-2:4.4.1-3.el9.src",
"product_id": "podman-2:4.4.1-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-2:4.4.1-3.el9.aarch64",
"product_id": "podman-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.aarch64",
"product_id": "podman-plugins-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.aarch64",
"product_id": "podman-remote-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.aarch64",
"product_id": "podman-tests-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"product_id": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-remote-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-tests-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-2:4.4.1-3.el9.x86_64",
"product_id": "podman-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.x86_64",
"product_id": "podman-plugins-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.x86_64",
"product_id": "podman-remote-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.x86_64",
"product_id": "podman-tests-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"product_id": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-2:4.4.1-3.el9.s390x",
"product_id": "podman-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.s390x",
"product_id": "podman-plugins-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.s390x",
"product_id": "podman-remote-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.s390x",
"product_id": "podman-tests-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.s390x",
"product_id": "podman-debugsource-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-2:4.4.1-3.el9.noarch",
"product": {
"name": "podman-docker-2:4.4.1-3.el9.noarch",
"product_id": "podman-docker-2:4.4.1-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@4.4.1-3.el9?arch=noarch\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src"
},
"product_reference": "podman-2:4.4.1-3.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-2:4.4.1-3.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch"
},
"product_reference": "podman-docker-2:4.4.1-3.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2282"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2282"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2283
Vulnerability from csaf_redhat - Published: 2023-05-09 10:01 - Updated: 2026-06-02 17:38
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64 | — | Vendor Fix fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2283",
"url": "https://access.redhat.com/errata/RHSA-2023:2283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2182318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182318"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2283.json"
}
],
"title": "Red Hat Security Advisory: skopeo security and bug fix update",
"tracking": {
"current_release_date": "2026-06-02T17:38:38+00:00",
"generator": {
"date": "2026-06-02T17:38:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2283",
"initial_release_date": "2023-05-09T10:01:47+00:00",
"revision_history": [
{
"date": "2023-05-09T10:01:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:01:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:38:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.src",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.src",
"product_id": "skopeo-2:1.11.2-0.1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2283"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2283"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.