Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-36221 (GCVE-0-2021-36221)
Vulnerability from cvelistv5 – Published: 2021-08-08 00:00 – Updated: 2024-08-04 00:54
VLAI
EPSS
Summary
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/golang-announce"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0"
},
{
"name": "FEDORA-2021-38b51d9fd3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4AMYYHGBYMIWCCR5RCDFI5RAUJOPO5L/"
},
{
"name": "FEDORA-2021-6a3024b3fd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/"
},
{
"name": "FEDORA-2021-e71b05ba7b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://groups.google.com/forum/#%21forum/golang-announce"
},
{
"url": "https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0"
},
{
"name": "FEDORA-2021-38b51d9fd3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4AMYYHGBYMIWCCR5RCDFI5RAUJOPO5L/"
},
{
"name": "FEDORA-2021-6a3024b3fd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/"
},
{
"name": "FEDORA-2021-e71b05ba7b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36221",
"datePublished": "2021-08-08T00:00:00.000Z",
"dateReserved": "2021-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:50.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-36221",
"date": "2026-05-29",
"epss": "0.00231",
"percentile": "0.45988"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-36221\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-08-08T06:15:08.740\",\"lastModified\":\"2024-11-21T06:13:20.337\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.\"},{\"lang\":\"es\",\"value\":\"Go versiones anteriores a 1.15.15 y 1.16.x versiones anteriores a 1.16.7, presenta una condici\u00f3n de carrera que puede conllevar un p\u00e1nico de net/http/httputil ReverseProxy al abortar ErrAbortHandler\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15.15\",\"matchCriteriaId\":\"E2C67AB5-BE7B-467B-BB8C-489371C753AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.16.0\",\"versionEndExcluding\":\"1.16.7\",\"matchCriteriaId\":\"F99C17E3-F1B9-4E38-B5C8-9D6C5F4C3423\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.1.1.0\",\"matchCriteriaId\":\"20290BBC-E3C9-4B96-94FE-2DFADD4BF1F1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"9FC41AD4-69E5-48D8-8216-671F485C3C40\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52A77C9D-E59C-4397-B834-797D7B334A6B\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21forum/golang-announce\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/uHACNfXAZqk\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4AMYYHGBYMIWCCR5RCDFI5RAUJOPO5L/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21forum/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/uHACNfXAZqk\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4AMYYHGBYMIWCCR5RCDFI5RAUJOPO5L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GSD-2021-36221
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-36221",
"description": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"id": "GSD-2021-36221",
"references": [
"https://www.suse.com/security/cve/CVE-2021-36221.html",
"https://access.redhat.com/errata/RHSA-2022:0561",
"https://access.redhat.com/errata/RHSA-2022:0557",
"https://access.redhat.com/errata/RHSA-2022:0318",
"https://access.redhat.com/errata/RHSA-2021:4766",
"https://access.redhat.com/errata/RHSA-2021:4765",
"https://access.redhat.com/errata/RHSA-2021:4156",
"https://advisories.mageia.org/CVE-2021-36221.html",
"https://security.archlinux.org/CVE-2021-36221",
"https://access.redhat.com/errata/RHSA-2022:0577",
"https://access.redhat.com/errata/RHSA-2022:0855",
"https://access.redhat.com/errata/RHSA-2022:0947",
"https://access.redhat.com/errata/RHSA-2022:1276",
"https://access.redhat.com/errata/RHSA-2022:1361",
"https://access.redhat.com/errata/RHSA-2022:1372",
"https://access.redhat.com/errata/RHSA-2022:1396",
"https://alas.aws.amazon.com/cve/html/CVE-2021-36221.html",
"https://access.redhat.com/errata/RHSA-2022:4668",
"https://access.redhat.com/errata/RHEA-2022:1596",
"https://access.redhat.com/errata/RHSA-2022:7457"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-36221"
],
"details": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"id": "GSD-2021-36221",
"modified": "2023-12-13T01:23:16.397766Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!forum/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!forum/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0"
},
{
"name": "FEDORA-2021-38b51d9fd3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4AMYYHGBYMIWCCR5RCDFI5RAUJOPO5L/"
},
{
"name": "FEDORA-2021-6a3024b3fd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/"
},
{
"name": "FEDORA-2021-e71b05ba7b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.7",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.15.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36221"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0"
},
{
"name": "https://groups.google.com/forum/#!forum/golang-announce",
"refsource": "MISC",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/#!forum/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
},
{
"name": "FEDORA-2021-38b51d9fd3",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4AMYYHGBYMIWCCR5RCDFI5RAUJOPO5L/"
},
{
"name": "FEDORA-2021-6a3024b3fd",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/"
},
{
"name": "FEDORA-2021-e71b05ba7b",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-04-20T00:15Z",
"publishedDate": "2021-08-08T06:15Z"
}
}
}
ICSA-22-167-09
Vulnerability from csaf_cisa - Published: 2022-06-14 00:00 - Updated: 2022-06-14 00:00Summary
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Notes
Summary: Multiple vulnerabilities in the third-party components CivetWeb, Docker, Linux Kernel and systemd could allow an attacker to impact SCALANCE LPE9403 confidentiality, integrity and availability.
Siemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
References
31 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities in the third-party components CivetWeb, Docker, Linux Kernel and systemd could allow an attacker to impact SCALANCE LPE9403 confidentiality, integrity and availability.\n\nSiemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-222547: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-222547.json"
},
{
"category": "self",
"summary": "SSA-222547: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-222547.txt"
},
{
"category": "self",
"summary": "SSA-222547: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-167-09 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-167-09.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-167-09 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-09"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE LPE9403 Third-Party Vulnerabilities",
"tracking": {
"current_release_date": "2022-06-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-167-09",
"initial_release_date": "2022-06-14T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-06-14T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.0",
"product": {
"name": "SCALANCE LPE9403",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK5998-3GS00-2AC2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9403"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27304",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2020-27304 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2020-27304 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-27304.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2020-27304"
},
{
"cve": "CVE-2021-20317",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-20317 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-20317 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-20317.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-20317"
},
{
"cve": "CVE-2021-33910",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "The use of alloca function with an uncontrolled size in function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-33910 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-33910 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-33910.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-33910"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition vulnerability was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-36221 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-36221 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-36221.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-39293",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-39293 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-39293 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-39293.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-39293"
},
{
"cve": "CVE-2021-41089",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host\u2019s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-41089 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41089 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41089.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-41089"
},
{
"cve": "CVE-2021-41091",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-41091 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41091 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41091.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-41091"
},
{
"cve": "CVE-2021-41092",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to registry-1.docker.io rather than the intended private registry.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-41092 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41092 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41092.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-41092"
},
{
"cve": "CVE-2021-41103",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-41103 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41103 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41103.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-41103"
},
{
"cve": "CVE-2022-0847",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2022-0847 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2022-0847 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-0847.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2022-0847"
}
]
}
MSRC_CVE-2021-36221
Vulnerability from csaf_microsoft - Published: 2021-08-02 00:00 - Updated: 2021-08-20 00:00Summary
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19007-16820 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16820-1 | — |
Vendor Fix
fix
|
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36221 Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-36221.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"tracking": {
"current_release_date": "2021-08-20T00:00:00.000Z",
"generator": {
"date": "2025-12-27T18:41:46.515Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-36221",
"initial_release_date": "2021-08-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-08-20T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 golang 1.16.7-1",
"product": {
"name": "\u003ccm1 golang 1.16.7-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 golang 1.16.7-1",
"product": {
"name": "cm1 golang 1.16.7-1",
"product_id": "19007"
}
}
],
"category": "product_name",
"name": "golang"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 golang 1.16.7-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 golang 1.16.7-1 as a component of CBL Mariner 1.0",
"product_id": "19007-16820"
},
"product_reference": "19007",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19007-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36221 Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-36221.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-20T00:00:00.000Z",
"details": "1.16.7-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort."
}
]
}
OPENSUSE-SU-2021:1199-1
Vulnerability from csaf_opensuse - Published: 2021-08-25 22:05 - Updated: 2021-08-25 22:05Summary
Security update for go1.16
Severity
Moderate
Notes
Title of the patch: Security update for go1.16
Description of the patch: This update for go1.16 fixes the following issues:
Update to go1.16.7:
- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)
- go#47348 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports
- go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
- go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
- go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
- go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
- go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
- go#46551 cmd/go: unhelpful error message when running 'go install' on a replaced-but-not-required package
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-1199
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:go1.16-1.16.7-lp152.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.16-doc-1.16.7-lp152.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.16-race-1.16.7-lp152.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.16 fixes the following issues:\n\nUpdate to go1.16.7:\n\n- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)\n- go#47348 cmd/go: \u0027go list -f \u0027{{.Stale}}\u0027\u0027 stack overflow with cyclic imports\n- go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added\n- go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero\n- go#47015 cmd/go: go mod vendor: open C:\\Users\\LICENSE: Access is denied.\n- go#46928 cmd/compile: register conflict between external linker and duffzero on arm64\n- go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6\n- go#46551 cmd/go: unhelpful error message when running \u0027go install\u0027 on a replaced-but-not-required package\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1199",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1199-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1199-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5LR4TSGW4J25HER35GR4VSKSJCKQY4GC/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1199-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5LR4TSGW4J25HER35GR4VSKSJCKQY4GC/"
},
{
"category": "self",
"summary": "SUSE Bug 1182345",
"url": "https://bugzilla.suse.com/1182345"
},
{
"category": "self",
"summary": "SUSE Bug 1189162",
"url": "https://bugzilla.suse.com/1189162"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
}
],
"title": "Security update for go1.16",
"tracking": {
"current_release_date": "2021-08-25T22:05:55Z",
"generator": {
"date": "2021-08-25T22:05:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1199-1",
"initial_release_date": "2021-08-25T22:05:55Z",
"revision_history": [
{
"date": "2021-08-25T22:05:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.7-lp152.8.1.x86_64",
"product": {
"name": "go1.16-1.16.7-lp152.8.1.x86_64",
"product_id": "go1.16-1.16.7-lp152.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.7-lp152.8.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.7-lp152.8.1.x86_64",
"product_id": "go1.16-doc-1.16.7-lp152.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.7-lp152.8.1.x86_64",
"product": {
"name": "go1.16-race-1.16.7-lp152.8.1.x86_64",
"product_id": "go1.16-race-1.16.7-lp152.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.7-lp152.8.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.16-1.16.7-lp152.8.1.x86_64"
},
"product_reference": "go1.16-1.16.7-lp152.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.7-lp152.8.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.16-doc-1.16.7-lp152.8.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.7-lp152.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.7-lp152.8.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.16-race-1.16.7-lp152.8.1.x86_64"
},
"product_reference": "go1.16-race-1.16.7-lp152.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:go1.16-1.16.7-lp152.8.1.x86_64",
"openSUSE Leap 15.2:go1.16-doc-1.16.7-lp152.8.1.x86_64",
"openSUSE Leap 15.2:go1.16-race-1.16.7-lp152.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:go1.16-1.16.7-lp152.8.1.x86_64",
"openSUSE Leap 15.2:go1.16-doc-1.16.7-lp152.8.1.x86_64",
"openSUSE Leap 15.2:go1.16-race-1.16.7-lp152.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:go1.16-1.16.7-lp152.8.1.x86_64",
"openSUSE Leap 15.2:go1.16-doc-1.16.7-lp152.8.1.x86_64",
"openSUSE Leap 15.2:go1.16-race-1.16.7-lp152.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-25T22:05:55Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
}
]
}
OPENSUSE-SU-2021:1207-1
Vulnerability from csaf_opensuse - Published: 2021-08-27 18:07 - Updated: 2021-08-27 18:07Summary
Security update for go1.15
Severity
Moderate
Notes
Title of the patch: Security update for go1.15
Description of the patch: This update for go1.15 fixes the following issues:
Update to go1.15.15:
- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)
- go#47347 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports
- go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
- go#46927 cmd/compile: register conflict between external linker and duffzero on arm64
- go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-1207
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:go1.15-1.15.15-lp152.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.15-doc-1.15.15-lp152.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.15-race-1.15.15-lp152.26.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.15",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.15 fixes the following issues:\n\nUpdate to go1.15.15:\n\n- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)\n- go#47347 cmd/go: \u0027go list -f \u0027{{.Stale}}\u0027\u0027 stack overflow with cyclic imports\n- go#47014 cmd/go: go mod vendor: open C:\\Users\\LICENSE: Access is denied.\n- go#46927 cmd/compile: register conflict between external linker and duffzero on arm64\n- go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1207",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1207-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1207-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5YUFZSLKF2GBNSU2QJCJH73WU2LSGQ5O/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1207-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5YUFZSLKF2GBNSU2QJCJH73WU2LSGQ5O/"
},
{
"category": "self",
"summary": "SUSE Bug 1175132",
"url": "https://bugzilla.suse.com/1175132"
},
{
"category": "self",
"summary": "SUSE Bug 1188906",
"url": "https://bugzilla.suse.com/1188906"
},
{
"category": "self",
"summary": "SUSE Bug 1189162",
"url": "https://bugzilla.suse.com/1189162"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
}
],
"title": "Security update for go1.15",
"tracking": {
"current_release_date": "2021-08-27T18:07:35Z",
"generator": {
"date": "2021-08-27T18:07:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1207-1",
"initial_release_date": "2021-08-27T18:07:35Z",
"revision_history": [
{
"date": "2021-08-27T18:07:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-lp152.26.1.x86_64",
"product": {
"name": "go1.15-1.15.15-lp152.26.1.x86_64",
"product_id": "go1.15-1.15.15-lp152.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-lp152.26.1.x86_64",
"product": {
"name": "go1.15-doc-1.15.15-lp152.26.1.x86_64",
"product_id": "go1.15-doc-1.15.15-lp152.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-lp152.26.1.x86_64",
"product": {
"name": "go1.15-race-1.15.15-lp152.26.1.x86_64",
"product_id": "go1.15-race-1.15.15-lp152.26.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-lp152.26.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-1.15.15-lp152.26.1.x86_64"
},
"product_reference": "go1.15-1.15.15-lp152.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-lp152.26.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-doc-1.15.15-lp152.26.1.x86_64"
},
"product_reference": "go1.15-doc-1.15.15-lp152.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-lp152.26.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-race-1.15.15-lp152.26.1.x86_64"
},
"product_reference": "go1.15-race-1.15.15-lp152.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:go1.15-1.15.15-lp152.26.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.15-lp152.26.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.15-lp152.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:go1.15-1.15.15-lp152.26.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.15-lp152.26.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.15-lp152.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:go1.15-1.15.15-lp152.26.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.15-lp152.26.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.15-lp152.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-27T18:07:35Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
}
]
}
OPENSUSE-SU-2021:2787-1
Vulnerability from csaf_opensuse - Published: 2021-08-20 08:04 - Updated: 2021-08-20 08:04Summary
Security update for go1.15
Severity
Moderate
Notes
Title of the patch: Security update for go1.15
Description of the patch: This update for go1.15 fixes the following issues:
Update to go1.15.15:
- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)
- go#47347 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports
- go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
- go#46927 cmd/compile: register conflict between external linker and duffzero on arm64
- go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
Patchnames: openSUSE-SLE-15.3-2021-2787
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.15",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.15 fixes the following issues:\n\nUpdate to go1.15.15:\n\n- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)\n- go#47347 cmd/go: \u0027go list -f \u0027{{.Stale}}\u0027\u0027 stack overflow with cyclic imports\n- go#47014 cmd/go: go mod vendor: open C:\\Users\\LICENSE: Access is denied.\n- go#46927 cmd/compile: register conflict between external linker and duffzero on arm64\n- go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-2787",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2787-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:2787-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7FPUQARVFSVTNWXPM6OPHZLDEEMVSSM3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:2787-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7FPUQARVFSVTNWXPM6OPHZLDEEMVSSM3/"
},
{
"category": "self",
"summary": "SUSE Bug 1175132",
"url": "https://bugzilla.suse.com/1175132"
},
{
"category": "self",
"summary": "SUSE Bug 1188906",
"url": "https://bugzilla.suse.com/1188906"
},
{
"category": "self",
"summary": "SUSE Bug 1189162",
"url": "https://bugzilla.suse.com/1189162"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
}
],
"title": "Security update for go1.15",
"tracking": {
"current_release_date": "2021-08-20T08:04:25Z",
"generator": {
"date": "2021-08-20T08:04:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:2787-1",
"initial_release_date": "2021-08-20T08:04:25Z",
"revision_history": [
{
"date": "2021-08-20T08:04:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.39.1.aarch64",
"product": {
"name": "go1.15-1.15.15-1.39.1.aarch64",
"product_id": "go1.15-1.15.15-1.39.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.39.1.aarch64",
"product": {
"name": "go1.15-doc-1.15.15-1.39.1.aarch64",
"product_id": "go1.15-doc-1.15.15-1.39.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.39.1.aarch64",
"product": {
"name": "go1.15-race-1.15.15-1.39.1.aarch64",
"product_id": "go1.15-race-1.15.15-1.39.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.39.1.ppc64le",
"product": {
"name": "go1.15-1.15.15-1.39.1.ppc64le",
"product_id": "go1.15-1.15.15-1.39.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.39.1.ppc64le",
"product": {
"name": "go1.15-doc-1.15.15-1.39.1.ppc64le",
"product_id": "go1.15-doc-1.15.15-1.39.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.39.1.s390x",
"product": {
"name": "go1.15-1.15.15-1.39.1.s390x",
"product_id": "go1.15-1.15.15-1.39.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.39.1.s390x",
"product": {
"name": "go1.15-doc-1.15.15-1.39.1.s390x",
"product_id": "go1.15-doc-1.15.15-1.39.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.39.1.x86_64",
"product": {
"name": "go1.15-1.15.15-1.39.1.x86_64",
"product_id": "go1.15-1.15.15-1.39.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.39.1.x86_64",
"product": {
"name": "go1.15-doc-1.15.15-1.39.1.x86_64",
"product_id": "go1.15-doc-1.15.15-1.39.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.39.1.x86_64",
"product": {
"name": "go1.15-race-1.15.15-1.39.1.x86_64",
"product_id": "go1.15-race-1.15.15-1.39.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.39.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.aarch64"
},
"product_reference": "go1.15-1.15.15-1.39.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.39.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.ppc64le"
},
"product_reference": "go1.15-1.15.15-1.39.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.39.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.s390x"
},
"product_reference": "go1.15-1.15.15-1.39.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.39.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.x86_64"
},
"product_reference": "go1.15-1.15.15-1.39.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.39.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.aarch64"
},
"product_reference": "go1.15-doc-1.15.15-1.39.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.39.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.ppc64le"
},
"product_reference": "go1.15-doc-1.15.15-1.39.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.39.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.s390x"
},
"product_reference": "go1.15-doc-1.15.15-1.39.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.39.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.x86_64"
},
"product_reference": "go1.15-doc-1.15.15-1.39.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.39.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.aarch64"
},
"product_reference": "go1.15-race-1.15.15-1.39.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.39.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.x86_64"
},
"product_reference": "go1.15-race-1.15.15-1.39.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.ppc64le",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.s390x",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.x86_64",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.ppc64le",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.s390x",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.x86_64",
"openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.ppc64le",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.s390x",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.x86_64",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.ppc64le",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.s390x",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.x86_64",
"openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.ppc64le",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.s390x",
"openSUSE Leap 15.3:go1.15-1.15.15-1.39.1.x86_64",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.ppc64le",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.s390x",
"openSUSE Leap 15.3:go1.15-doc-1.15.15-1.39.1.x86_64",
"openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.aarch64",
"openSUSE Leap 15.3:go1.15-race-1.15.15-1.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-20T08:04:25Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
}
]
}
OPENSUSE-SU-2021:2788-1
Vulnerability from csaf_opensuse - Published: 2021-08-20 08:06 - Updated: 2021-08-20 08:06Summary
Security update for go1.16
Severity
Moderate
Notes
Title of the patch: Security update for go1.16
Description of the patch: This update for go1.16 fixes the following issues:
Update to go1.16.7:
- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)
- go#47348 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports
- go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
- go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
- go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
- go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
- go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
- go#46551 cmd/go: unhelpful error message when running 'go install' on a replaced-but-not-required package
Patchnames: openSUSE-SLE-15.3-2021-2788
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.16 fixes the following issues:\n\nUpdate to go1.16.7:\n\n- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)\n- go#47348 cmd/go: \u0027go list -f \u0027{{.Stale}}\u0027\u0027 stack overflow with cyclic imports\n- go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added\n- go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero\n- go#47015 cmd/go: go mod vendor: open C:\\Users\\LICENSE: Access is denied.\n- go#46928 cmd/compile: register conflict between external linker and duffzero on arm64\n- go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6\n- go#46551 cmd/go: unhelpful error message when running \u0027go install\u0027 on a replaced-but-not-required package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-2788",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2788-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:2788-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QBLRS3I4ZUSJEMER3J6HA6RD4XDIQYHC/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:2788-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QBLRS3I4ZUSJEMER3J6HA6RD4XDIQYHC/"
},
{
"category": "self",
"summary": "SUSE Bug 1182345",
"url": "https://bugzilla.suse.com/1182345"
},
{
"category": "self",
"summary": "SUSE Bug 1189162",
"url": "https://bugzilla.suse.com/1189162"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
}
],
"title": "Security update for go1.16",
"tracking": {
"current_release_date": "2021-08-20T08:06:18Z",
"generator": {
"date": "2021-08-20T08:06:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:2788-1",
"initial_release_date": "2021-08-20T08:06:18Z",
"revision_history": [
{
"date": "2021-08-20T08:06:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.7-1.23.1.aarch64",
"product": {
"name": "go1.16-1.16.7-1.23.1.aarch64",
"product_id": "go1.16-1.16.7-1.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.7-1.23.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.7-1.23.1.aarch64",
"product_id": "go1.16-doc-1.16.7-1.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.7-1.23.1.aarch64",
"product": {
"name": "go1.16-race-1.16.7-1.23.1.aarch64",
"product_id": "go1.16-race-1.16.7-1.23.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.7-1.23.1.ppc64le",
"product": {
"name": "go1.16-1.16.7-1.23.1.ppc64le",
"product_id": "go1.16-1.16.7-1.23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.7-1.23.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.7-1.23.1.ppc64le",
"product_id": "go1.16-doc-1.16.7-1.23.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.7-1.23.1.s390x",
"product": {
"name": "go1.16-1.16.7-1.23.1.s390x",
"product_id": "go1.16-1.16.7-1.23.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.7-1.23.1.s390x",
"product": {
"name": "go1.16-doc-1.16.7-1.23.1.s390x",
"product_id": "go1.16-doc-1.16.7-1.23.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.7-1.23.1.x86_64",
"product": {
"name": "go1.16-1.16.7-1.23.1.x86_64",
"product_id": "go1.16-1.16.7-1.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.7-1.23.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.7-1.23.1.x86_64",
"product_id": "go1.16-doc-1.16.7-1.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.7-1.23.1.x86_64",
"product": {
"name": "go1.16-race-1.16.7-1.23.1.x86_64",
"product_id": "go1.16-race-1.16.7-1.23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.7-1.23.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.aarch64"
},
"product_reference": "go1.16-1.16.7-1.23.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.7-1.23.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.ppc64le"
},
"product_reference": "go1.16-1.16.7-1.23.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.7-1.23.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.s390x"
},
"product_reference": "go1.16-1.16.7-1.23.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.7-1.23.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.x86_64"
},
"product_reference": "go1.16-1.16.7-1.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.7-1.23.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.7-1.23.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.7-1.23.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.7-1.23.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.7-1.23.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.s390x"
},
"product_reference": "go1.16-doc-1.16.7-1.23.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.7-1.23.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.7-1.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.7-1.23.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.aarch64"
},
"product_reference": "go1.16-race-1.16.7-1.23.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.7-1.23.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.x86_64"
},
"product_reference": "go1.16-race-1.16.7-1.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.7-1.23.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.7-1.23.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.7-1.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-20T08:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
}
]
}
OPENSUSE-SU-2024:10808-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.15-1.15.15-1.2 on GA media
Severity
Moderate
Notes
Title of the patch: go1.15-1.15.15-1.2 on GA media
Description of the patch: These are all security issues fixed in the go1.15-1.15.15-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10808
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.15-1.15.15-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.15-1.15.15-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10808",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10808-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24553 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28362 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28366 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3114 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3115 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34558 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
}
],
"title": "go1.15-1.15.15-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10808-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-1.15.15-1.2.aarch64",
"product_id": "go1.15-1.15.15-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-doc-1.15.15-1.2.aarch64",
"product_id": "go1.15-doc-1.15.15-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-race-1.15.15-1.2.aarch64",
"product_id": "go1.15-race-1.15.15-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-1.15.15-1.2.ppc64le",
"product_id": "go1.15-1.15.15-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-doc-1.15.15-1.2.ppc64le",
"product_id": "go1.15-doc-1.15.15-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-race-1.15.15-1.2.ppc64le",
"product_id": "go1.15-race-1.15.15-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-1.15.15-1.2.s390x",
"product_id": "go1.15-1.15.15-1.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-doc-1.15.15-1.2.s390x",
"product_id": "go1.15-doc-1.15.15-1.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-race-1.15.15-1.2.s390x",
"product_id": "go1.15-race-1.15.15-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-1.15.15-1.2.x86_64",
"product_id": "go1.15-1.15.15-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-doc-1.15.15-1.2.x86_64",
"product_id": "go1.15-doc-1.15.15-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-race-1.15.15-1.2.x86_64",
"product_id": "go1.15-race-1.15.15-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-doc-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-doc-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-doc-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-doc-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-race-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-race-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-race-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-race-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24553"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24553",
"url": "https://www.suse.com/security/cve/CVE-2020-24553"
},
{
"category": "external",
"summary": "SUSE Bug 1176031 for CVE-2020-24553",
"url": "https://bugzilla.suse.com/1176031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24553"
},
{
"cve": "CVE-2020-28362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28362"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28362",
"url": "https://www.suse.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "SUSE Bug 1178750 for CVE-2020-28362",
"url": "https://bugzilla.suse.com/1178750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28362"
},
{
"cve": "CVE-2020-28366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28366"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28366",
"url": "https://www.suse.com/security/cve/CVE-2020-28366"
},
{
"category": "external",
"summary": "SUSE Bug 1178753 for CVE-2020-28366",
"url": "https://bugzilla.suse.com/1178753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28366"
},
{
"cve": "CVE-2020-28367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28367"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28367",
"url": "https://www.suse.com/security/cve/CVE-2020-28367"
},
{
"category": "external",
"summary": "SUSE Bug 1178752 for CVE-2020-28367",
"url": "https://bugzilla.suse.com/1178752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28367"
},
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-3114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3114"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3114",
"url": "https://www.suse.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "SUSE Bug 1181145 for CVE-2021-3114",
"url": "https://bugzilla.suse.com/1181145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3114"
},
{
"cve": "CVE-2021-3115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3115"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3115",
"url": "https://www.suse.com/security/cve/CVE-2021-3115"
},
{
"category": "external",
"summary": "SUSE Bug 1181146 for CVE-2021-3115",
"url": "https://bugzilla.suse.com/1181146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3115"
},
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-33195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33195"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://www.suse.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "SUSE Bug 1187443 for CVE-2021-33195",
"url": "https://bugzilla.suse.com/1187443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33196"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive\u0027s header) can cause a NewReader or OpenReader panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33196",
"url": "https://www.suse.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "SUSE Bug 1186622 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1186622"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33197"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://www.suse.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "SUSE Bug 1187444 for CVE-2021-33197",
"url": "https://bugzilla.suse.com/1187444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33198"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://www.suse.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "SUSE Bug 1187445 for CVE-2021-33198",
"url": "https://bugzilla.suse.com/1187445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34558"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://www.suse.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "SUSE Bug 1188229 for CVE-2021-34558",
"url": "https://bugzilla.suse.com/1188229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
}
]
}
OPENSUSE-SU-2024:10809-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.16-1.16.8-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.16-1.16.8-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.16-1.16.8-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10809
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.16-1.16.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.16-1.16.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10809",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10809-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27919 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34558 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39293 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39293/"
}
],
"title": "go1.16-1.16.8-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10809-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-1.16.8-1.1.aarch64",
"product_id": "go1.16-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product_id": "go1.16-doc-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product_id": "go1.16-race-1.16.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-1.16.8-1.1.ppc64le",
"product_id": "go1.16-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product_id": "go1.16-doc-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product_id": "go1.16-race-1.16.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-1.16.8-1.1.s390x",
"product_id": "go1.16-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product_id": "go1.16-doc-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-race-1.16.8-1.1.s390x",
"product_id": "go1.16-race-1.16.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-1.16.8-1.1.x86_64",
"product_id": "go1.16-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product_id": "go1.16-doc-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product_id": "go1.16-race-1.16.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-doc-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-race-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-race-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-race-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-race-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27919"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27919",
"url": "https://www.suse.com/security/cve/CVE-2021-27919"
},
{
"category": "external",
"summary": "SUSE Bug 1183334 for CVE-2021-27919",
"url": "https://bugzilla.suse.com/1183334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-33195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33195"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://www.suse.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "SUSE Bug 1187443 for CVE-2021-33195",
"url": "https://bugzilla.suse.com/1187443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33196"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive\u0027s header) can cause a NewReader or OpenReader panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33196",
"url": "https://www.suse.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "SUSE Bug 1186622 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1186622"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33197"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://www.suse.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "SUSE Bug 1187444 for CVE-2021-33197",
"url": "https://bugzilla.suse.com/1187444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33198"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://www.suse.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "SUSE Bug 1187445 for CVE-2021-33198",
"url": "https://bugzilla.suse.com/1187445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34558"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://www.suse.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "SUSE Bug 1188229 for CVE-2021-34558",
"url": "https://bugzilla.suse.com/1188229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-39293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39293"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39293",
"url": "https://www.suse.com/security/cve/CVE-2021-39293"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-39293",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-39293"
}
]
}
RHEA-2022:1596
Vulnerability from csaf_redhat - Published: 2022-04-26 16:51 - Updated: 2026-04-29 07:55Summary
Red Hat Enhancement Advisory: OpenShift Virtualization 4.9.4 Images
Severity
Moderate
Notes
Topic: Red Hat OpenShift Virtualization release 4.9.4 is now available with updates to packages and images that fix several bugs and add enhancements.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.9.4 images:
RHEL-8-CNV-4.9
==============
hyperconverged-cluster-webhook-container-v4.9.4-5
hyperconverged-cluster-operator-container-v4.9.4-5
kubevirt-template-validator-container-v4.9.4-5
virtio-win-container-v4.9.4-5
vm-import-operator-container-v4.9.4-5
virt-cdi-operator-container-v4.9.4-7
node-maintenance-operator-container-v4.9.4-5
hostpath-provisioner-container-v4.9.4-5
vm-import-controller-container-v4.9.4-5
cnv-containernetworking-plugins-container-v4.9.4-5
ovs-cni-marker-container-v4.9.4-5
kubevirt-vmware-container-v4.9.4-6
kubernetes-nmstate-handler-container-v4.9.4-7
kubevirt-ssp-operator-container-v4.9.4-5
ovs-cni-plugin-container-v4.9.4-5
vm-import-virtv2v-container-v4.9.4-5
kubevirt-v2v-conversion-container-v4.9.4-5
virt-cdi-cloner-container-v4.9.4-7
bridge-marker-container-v4.9.4-5
hostpath-provisioner-operator-container-v4.9.4-5
kubemacpool-container-v4.9.4-5
virt-cdi-uploadproxy-container-v4.9.4-7
virt-cdi-controller-container-v4.9.4-7
virt-cdi-uploadserver-container-v4.9.4-7
virt-cdi-apiserver-container-v4.9.4-7
cluster-network-addons-operator-container-v4.9.4-7
virt-cdi-importer-container-v4.9.4-7
virt-controller-container-v4.9.4-7
virt-handler-container-v4.9.4-7
virt-api-container-v4.9.4-7
virt-artifacts-server-container-v4.9.4-7
virt-operator-container-v4.9.4-7
virt-launcher-container-v4.9.4-7
libguestfs-tools-container-v4.9.4-7
cnv-must-gather-container-v4.9.4-11
hco-bundle-registry-container-v4.9.4-58
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.
5.9 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64 | — |
Workaround
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64 | — |
Workaround
|
Threats
Impact
Moderate
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.9.4 is now available with updates to packages and images that fix several bugs and add enhancements.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.9.4 images:\n\nRHEL-8-CNV-4.9\n==============\nhyperconverged-cluster-webhook-container-v4.9.4-5\nhyperconverged-cluster-operator-container-v4.9.4-5\nkubevirt-template-validator-container-v4.9.4-5\nvirtio-win-container-v4.9.4-5\nvm-import-operator-container-v4.9.4-5\nvirt-cdi-operator-container-v4.9.4-7\nnode-maintenance-operator-container-v4.9.4-5\nhostpath-provisioner-container-v4.9.4-5\nvm-import-controller-container-v4.9.4-5\ncnv-containernetworking-plugins-container-v4.9.4-5\novs-cni-marker-container-v4.9.4-5\nkubevirt-vmware-container-v4.9.4-6\nkubernetes-nmstate-handler-container-v4.9.4-7\nkubevirt-ssp-operator-container-v4.9.4-5\novs-cni-plugin-container-v4.9.4-5\nvm-import-virtv2v-container-v4.9.4-5\nkubevirt-v2v-conversion-container-v4.9.4-5\nvirt-cdi-cloner-container-v4.9.4-7\nbridge-marker-container-v4.9.4-5\nhostpath-provisioner-operator-container-v4.9.4-5\nkubemacpool-container-v4.9.4-5\nvirt-cdi-uploadproxy-container-v4.9.4-7\nvirt-cdi-controller-container-v4.9.4-7\nvirt-cdi-uploadserver-container-v4.9.4-7\nvirt-cdi-apiserver-container-v4.9.4-7\ncluster-network-addons-operator-container-v4.9.4-7\nvirt-cdi-importer-container-v4.9.4-7\nvirt-controller-container-v4.9.4-7\nvirt-handler-container-v4.9.4-7\nvirt-api-container-v4.9.4-7\nvirt-artifacts-server-container-v4.9.4-7\nvirt-operator-container-v4.9.4-7\nvirt-launcher-container-v4.9.4-7\nlibguestfs-tools-container-v4.9.4-7\ncnv-must-gather-container-v4.9.4-11\nhco-bundle-registry-container-v4.9.4-58",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2022:1596",
"url": "https://access.redhat.com/errata/RHEA-2022:1596"
},
{
"category": "external",
"summary": "2049800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049800"
},
{
"category": "external",
"summary": "2055546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055546"
},
{
"category": "external",
"summary": "2055786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055786"
},
{
"category": "external",
"summary": "2059111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059111"
},
{
"category": "external",
"summary": "2068147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2068147"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhea-2022_1596.json"
}
],
"title": "Red Hat Enhancement Advisory: OpenShift Virtualization 4.9.4 Images",
"tracking": {
"current_release_date": "2026-04-29T07:55:53+00:00",
"generator": {
"date": "2026-04-29T07:55:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.6"
}
},
"id": "RHEA-2022:1596",
"initial_release_date": "2022-04-26T16:51:34+00:00",
"revision_history": [
{
"date": "2022-04-26T16:51:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-26T16:51:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-29T07:55:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.9 for RHEL 8",
"product": {
"name": "CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.4-11"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.4-58"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"product_id": "container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.4-6"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.4-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"product": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"product": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.4-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64",
"product": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64",
"product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.4-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64"
},
"product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64"
},
"product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
},
"product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-26T16:51:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2022:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-26T16:51:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2022:1596"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-26T16:51:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2022:1596"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:eb63407b81056963a060f58e7afe807f1b08be88f046b44a4459999cedbf6e99_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:f18bbaeaf277bc146b02ef03cdaf807f955eea6ef50ed0c1e665c72c4a3d42d8_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:364813b965739e72a8fe667e1f451ca2a91a7b1eeb8df66837d4ed201b51e53d_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:8fce40dfb7b1a9cf5a7e95412a04e95f40303777f7659b0d9b69563c299d6edf_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:4247e831589dc4bb2c7557968a373fa7e4beca1fdbc03c793ee21a52ca23e235_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:06a3ad22559f6a7d164f11feeb24345534569b14e9e85fa23f6e1dbfeaaa3313_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:9fbfc7da92a4cc85b46f8d3f0b8aa0f1890465ee59cc79dd9815d24705ee3fc8_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:3a0f236a496da41cacef9120b92fce824d583ed1ff3e4c9020b2f7d07fe24bfe_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:447ac82014865d414a85a5f7b5feb50225ec0edd23a89c8a0b096546a507a88d_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:8ab02a419851ce54a8670cb6cff948b73b3e29f27cdf8bd3cf3425ad1e039d75_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f6ca7f841a6906e46f3738e82f95cf6e244b38e3cb88eeca6db2f3828a236723_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:98a23699e67116f3eb2632f75bd62d61ba7c7511739ef429743147466eadd21f_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:9edb68f99fbcb4f4458219ef7993f43f06daa3d0fa31f1ce7c5e6ec42d54a568_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:e1971509511962011b978e04cb61fa9b3762053015b906f22d2a5e52684f887b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:360c214fc6979578b0b8d5ab2df51462444380337aeadbd841fa60828e3b4b9f_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:d433fb1157e3fc62ee4c5df813327cf6a2d8c2b95f2873e629076e25000de09a_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:48390b221ccb1d3a95d0da553f6f02ec32f36602bb91d2ffe08ab8c8bcd586c5_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:91b1e6a4aab30c71e8ee9823939bac64b5e4e5447d3a213c9debbd7a6d7a39cb_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:0e517140884f3359c2bb89e3cd9f21c795d05eccc01f40a18050ec8244a42b9b_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:d5c76d3d7ca8a10acde943e43b829a88344fafdb7c0af67065e0a513a7a432b8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:03bf2793fed7c153865ccaec0e22984e9c814a58d7c69aa5e1ef0acb05719a81_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:f077c865c52d31950a1addc05d46676aff706f9dec63e0e8c572b7acf1d39577_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:8942132093aa941a25f2707d9baf05a97a1cbaa530095ada903c19db50198886_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:2f3339933eb755bc678df74b834e2016f5f291fd5612816eeff5d69436daa136_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:c57c2c4036f80b790c93303a87d72a748aad7da3a4b051f7118ab9fbaeda7def_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:11c4d75ba0dfc7a13bc921dd1bd84cc0a8fa4e0ddd7eca89924ca1792773278d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:a90837a9a8fe7b48ac693a97ec2eac04bac8d6652c84e12ee980f7ce7dfa0a4f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:28e6cdf743f7a86627a0380ecbea29c9b1942558f35acf4a56118b10ea1f3765_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:3ed022ba0e42eba7261b6d46fb492136ccf2fca4615102db8692b896fc3242b4_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:f676958ba010152c49e97326405453d03eec1ccd246ca47567000189f22483bd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:0b01fc6b88611f08856ad7ea4ba0b81c354e42ca0eab0362c041f2a46c9d8f71_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:9a856c6d48efda1f308e3c53efbb74dc15c132141eb559d018ef5ad89d9a3d7c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bcc9a647be6e86ac01faefbf82228aaa84f81946add086397dbdec05eb83a87a_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:2bba13caf38fa872710c5ec4f042720e1182039b11c65d211d6139eaf176b631_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:f231305d0d7e8c40cbface56d384940cbb566f4d14900c83976e794b60e49982_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8de93e2a69cf8fa2cb0c0d877459f5bc31057f76267ef93bdc7c30db9d2847ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…