{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:8098","synopsis":"Moderate: toolbox security and bug fix update","severity":"SEVERITY_MODERATE","topic":"An update for toolbox is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2089194","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2089194","description":"Bump the minimum required golang version to >= 1.17.7"},{"ticket":"2107342","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107342","description":"CVE-2022-30631 golang: compress\/gzip: stack exhaustion in Reader.Read"},{"ticket":"2107371","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107371","description":"CVE-2022-30630 golang: io\/fs: stack exhaustion in Glob"},{"ticket":"2107374","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107374","description":"CVE-2022-1705 golang: net\/https: improper sanitization of Transfer-Encoding header"},{"ticket":"2107386","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107386","description":"CVE-2022-30632 golang: path\/filepath: stack exhaustion in Glob"}],"cves":[{"name":"CVE-2022-1705","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1705.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","cvss3BaseScore":"6.5","cwe":""},{"name":"CVE-2022-30630","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30630.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30631","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30631.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30632","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30632.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"}],"references":[],"publishedAt":"2023-01-26T21:50:01.648854Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}
Rocky Linux: RLSA-2022:8098 toolbox security and bug fix update
January 26, 2023
An update for toolbox is now available for Rocky Linux 9.
Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate
Summary
An update for toolbox is now available for Rocky Linux 9. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
RPMs
References
No References
CVEs
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30630.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30632.json
Severity
Name: RLSA-2022:8098
Affected Products: Rocky Linux 9
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2089194
https://bugzilla.redhat.com/show_bug.cgi?id=2107342
https://bugzilla.redhat.com/show_bug.cgi?id=2107371
https://bugzilla.redhat.com/show_bug.cgi?id=2107374
https://bugzilla.redhat.com/show_bug.cgi?id=2107386
News
HOWTOs
Features
Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
About Us
Powered By
