The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
https://groups.google.com/g/golang-announce/c/2q13H6LEEx0
https://go.dev/cl/506996
https://pkg.go.dev/vuln/GO-2023-1878
https://go.dev/issue/60374
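An application-side guard for code that fills Request.Host or Request.URL.Host from untrusted input, given here as an added example (not code from the Go project or from this bug report). `checkHost` and `guardRequest` are hypothetical helpers, and the byte allowlist is an assumption that is stricter than what net/http itself accepts; internationalized names would need Punycode conversion first.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// ErrInvalidHost marks a host value that must not reach the wire.
var ErrInvalidHost = errors.New("invalid host value")

// checkHost (hypothetical) allows only bytes that can appear in "host",
// "host:port" or "[ipv6]:port". CR, LF, space, NUL and non-ASCII are rejected,
// so the value cannot end the Host line and start a new header or request.
func checkHost(h string) error {
	for i := 0; i < len(h); i++ {
		c := h[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '.' || c == '-' || c == '_' || c == ':' || c == '[' || c == ']':
		default:
			return fmt.Errorf("%w: byte %#x at offset %d", ErrInvalidHost, c, i)
		}
	}
	return nil
}

// guardRequest (hypothetical) checks both fields named in the description
// before the request is handed to an http.Client.
func guardRequest(req *http.Request) error {
	if err := checkHost(req.Host); err != nil {
		return fmt.Errorf("Request.Host: %w", err)
	}
	if req.URL != nil {
		if err := checkHost(req.URL.Host); err != nil {
			return fmt.Errorf("Request.URL.Host: %w", err)
		}
	}
	return nil
}

func main() {
	// Constructed sample values, not taken from the advisory.
	samples := []string{"example.com", "example.com:8443", "[2001:db8::1]:443",
		"example.com\r\nX-Injected: 1"}
	for _, h := range samples {
		req, _ := http.NewRequest("GET", "http://upstream.invalid/", nil)
		req.Host = h // e.g. a host override copied from caller-controlled input
		fmt.Printf("%q -> %v\n", h, guardRequest(req))
	}
}
```

Running the guard on every outbound request keeps the protection in place for binaries that are still built with an unpatched toolchain.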
Created golang tracking bugs for this issue: Affects: epel-all [bug 2224490] Affects: fedora-all [bug 2224491]
I see that there are toolbox bugs for RHEL 8 (bug 2222320 and bug 2222325), but not for RHEL 9. Is that intentional? There's no real difference between the Toolbx code we ship across RHEL 8 and 9. We have been missing RHEL 9 CVE bugs for toolbox in recent times. So I wonder if a bug has crept into some script.
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:5935 https://access.redhat.com/errata/RHSA-2023:5935
This issue has been addressed in the following products: RHOL-5.6-RHEL-8 Via RHSA-2023:5541 https://access.redhat.com/errata/RHSA-2023:5541
This issue has been addressed in the following products: RHOL-5.7-RHEL-8 Via RHSA-2023:5530 https://access.redhat.com/errata/RHSA-2023:5530
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:5965 https://access.redhat.com/errata/RHSA-2023:5965
This issue has been addressed in the following products: NETWORK-OBSERVABILITY-1.4.0-RHEL-9 Via RHSA-2023:5974 https://access.redhat.com/errata/RHSA-2023:5974
This issue has been addressed in the following products: STF-1.5-RHEL-8 Via RHSA-2023:5976 https://access.redhat.com/errata/RHSA-2023:5976
This issue has been addressed in the following products: Cryostat 2 on RHEL 8 Via RHSA-2023:6031 https://access.redhat.com/errata/RHSA-2023:6031
This issue has been addressed in the following products: Red Hat Openshift distributed tracing 2.9 Via RHSA-2023:6085 https://access.redhat.com/errata/RHSA-2023:6085
This issue has been addressed in the following products: OADP-1.1-RHEL-8 Via RHSA-2023:6115 https://access.redhat.com/errata/RHSA-2023:6115
This issue has been addressed in the following products: RODOO-1.0-RHEL-8 Via RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
This issue has been addressed in the following products: OSSO-1.1-RHEL-8 Via RHSA-2023:5933 https://access.redhat.com/errata/RHSA-2023:5933
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:6161 https://access.redhat.com/errata/RHSA-2023:6161
This issue has been addressed in the following products: Red Hat OpenShift Serverless 1.30 Via RHSA-2023:6296 https://access.redhat.com/errata/RHSA-2023:6296
This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2023:6298 https://access.redhat.com/errata/RHSA-2023:6298
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6346 https://access.redhat.com/errata/RHSA-2023:6346
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
This issue has been addressed in the following products: Red Hat Satellite 6.14 for RHEL 8 Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7202 https://access.redhat.com/errata/RHSA-2023:7202
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:6840 https://access.redhat.com/errata/RHSA-2023:6840
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:0293 https://access.redhat.com/errata/RHSA-2024:0293
This issue has been addressed in the following products: MTA-6.2-RHEL-9 MTA-6.2-RHEL-8 Via RHSA-2024:1027 https://access.redhat.com/errata/RHSA-2024:1027
This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.4 Via RHSA-2024:1570 https://access.redhat.com/errata/RHSA-2024:1570