{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:8098","synopsis":"Moderate: toolbox security and bug fix update","severity":"SEVERITY_MODERATE","topic":"An update for toolbox is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2089194","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2089194","description":"Bump the minimum required golang version to >= 1.17.7"},{"ticket":"2107342","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107342","description":"CVE-2022-30631 golang: compress\/gzip: stack exhaustion in Reader.Read"},{"ticket":"2107371","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107371","description":"CVE-2022-30630 golang: io\/fs: stack exhaustion in Glob"},{"ticket":"2107374","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107374","description":"CVE-2022-1705 golang: net\/http: improper sanitization of Transfer-Encoding header"},{"ticket":"2107386","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107386","description":"CVE-2022-30632 golang: path\/filepath: stack exhaustion in Glob"}],"cves":[{"name":"CVE-2022-1705","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1705.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","cvss3BaseScore":"6.5","cwe":""},{"name":"CVE-2022-30630","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30630.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30631","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30631.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"},{"name":"CVE-2022-30632","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-30632.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-1325"}],"references":[],"publishedAt":"2023-01-26T21:50:01.648854Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}