
Red Hat Security Advisory 2023-3366-01

Red Hat Security Advisory 2023-3366-01 - Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.2. Issues addressed include a traversal vulnerability.

Packet Storm


=====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.13.2 packages and security update
Advisory ID: RHSA-2023:3366-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3366
Issue date: 2023-06-07
CVE Names: CVE-2022-27191 CVE-2022-41722 CVE-2022-41724
CVE-2023-24540
=====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.13.2 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact
of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Ironic content for Red Hat OpenShift Container Platform 4.13 - noarch
Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, ppc64le, s390x, x86_64

  3. Description:

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.13.2. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2023:3367

Security Fix(es):

  • golang: html/template: improper handling of JavaScript whitespace
    (CVE-2023-24540)

  • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

  • golang: path/filepath: path-filepath filepath.Clean path traversal
    (CVE-2022-41722)

  • golang: crypto/tls: large handshake records may cause panics
    (CVE-2022-41724)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

  4. Solution:

For OpenShift Container Platform 4.13 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

  5. Bugs fixed (https://bugzilla.redhat.com/):

2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2203008 - CVE-2022-41722 golang: path/filepath: path-filepath filepath.Clean path traversal

  6. Package List:

Red Hat OpenShift Container Platform 4.13:

Source:
cri-o-1.26.3-7.rhaos4.13.gitec064c9.el8.src.rpm
openshift-4.13.0-202305301919.p0.g0001a21.assembly.stream.el8.src.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el8.src.rpm

aarch64:
cri-o-1.26.3-7.rhaos4.13.gitec064c9.el8.aarch64.rpm
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitec064c9.el8.aarch64.rpm
cri-o-debugsource-1.26.3-7.rhaos4.13.gitec064c9.el8.aarch64.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el8.aarch64.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el8.aarch64.rpm

ppc64le:
cri-o-1.26.3-7.rhaos4.13.gitec064c9.el8.ppc64le.rpm
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitec064c9.el8.ppc64le.rpm
cri-o-debugsource-1.26.3-7.rhaos4.13.gitec064c9.el8.ppc64le.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el8.ppc64le.rpm

s390x:
cri-o-1.26.3-7.rhaos4.13.gitec064c9.el8.s390x.rpm
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitec064c9.el8.s390x.rpm
cri-o-debugsource-1.26.3-7.rhaos4.13.gitec064c9.el8.s390x.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el8.s390x.rpm

x86_64:
cri-o-1.26.3-7.rhaos4.13.gitec064c9.el8.x86_64.rpm
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitec064c9.el8.x86_64.rpm
cri-o-debugsource-1.26.3-7.rhaos4.13.gitec064c9.el8.x86_64.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.13.0-202305291355.p0.g1024efc.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el8.x86_64.rpm

Red Hat OpenShift Container Platform 4.13:

Source:
buildah-1.29.1-1.1.rhaos4.13.el9.src.rpm
cri-o-1.26.3-8.rhaos4.13.gitec064c9.el9.src.rpm
cri-tools-1.26.0-2.el9.src.rpm
kernel-5.14.0-284.16.1.el9_2.src.rpm
kernel-rt-5.14.0-284.16.1.rt14.301.el9_2.src.rpm
openshift-4.13.0-202305301919.p0.g0001a21.assembly.stream.el9.src.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el9.src.rpm
podman-4.4.1-4.1.rhaos4.13.el9.src.rpm
skopeo-1.11.2-1.1.rhaos4.13.el9.src.rpm

aarch64:
bpftool-7.0.0-284.16.1.el9_2.aarch64.rpm
bpftool-debuginfo-7.0.0-284.16.1.el9_2.aarch64.rpm
buildah-1.29.1-1.1.rhaos4.13.el9.aarch64.rpm
buildah-debuginfo-1.29.1-1.1.rhaos4.13.el9.aarch64.rpm
buildah-debugsource-1.29.1-1.1.rhaos4.13.el9.aarch64.rpm
buildah-tests-1.29.1-1.1.rhaos4.13.el9.aarch64.rpm
buildah-tests-debuginfo-1.29.1-1.1.rhaos4.13.el9.aarch64.rpm
cri-o-1.26.3-8.rhaos4.13.gitec064c9.el9.aarch64.rpm
cri-o-debuginfo-1.26.3-8.rhaos4.13.gitec064c9.el9.aarch64.rpm
cri-o-debugsource-1.26.3-8.rhaos4.13.gitec064c9.el9.aarch64.rpm
cri-tools-1.26.0-2.el9.aarch64.rpm
cri-tools-debuginfo-1.26.0-2.el9.aarch64.rpm
cri-tools-debugsource-1.26.0-2.el9.aarch64.rpm
kernel-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-debuginfo-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-devel-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-devel-matched-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-modules-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-modules-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-modules-extra-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-modules-internal-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debug-modules-partner-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-debuginfo-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-devel-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-devel-matched-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-modules-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-modules-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-modules-extra-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-modules-internal-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-64k-modules-partner-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-cross-headers-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-debuginfo-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-devel-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-devel-matched-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-modules-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-modules-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-modules-extra-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-modules-internal-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debug-modules-partner-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debuginfo-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-debuginfo-common-aarch64-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-devel-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-devel-matched-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-headers-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-modules-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-modules-core-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-modules-extra-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-modules-internal-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-modules-partner-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-selftests-internal-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-tools-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-tools-debuginfo-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-tools-libs-5.14.0-284.16.1.el9_2.aarch64.rpm
kernel-tools-libs-devel-5.14.0-284.16.1.el9_2.aarch64.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el9.aarch64.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el9.aarch64.rpm
perf-5.14.0-284.16.1.el9_2.aarch64.rpm
perf-debuginfo-5.14.0-284.16.1.el9_2.aarch64.rpm
podman-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-debuginfo-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-debugsource-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-gvproxy-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-gvproxy-debuginfo-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-plugins-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-plugins-debuginfo-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-remote-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-remote-debuginfo-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
podman-tests-4.4.1-4.1.rhaos4.13.el9.aarch64.rpm
python3-perf-5.14.0-284.16.1.el9_2.aarch64.rpm
python3-perf-debuginfo-5.14.0-284.16.1.el9_2.aarch64.rpm
rtla-5.14.0-284.16.1.el9_2.aarch64.rpm
skopeo-1.11.2-1.1.rhaos4.13.el9.aarch64.rpm
skopeo-debuginfo-1.11.2-1.1.rhaos4.13.el9.aarch64.rpm
skopeo-debugsource-1.11.2-1.1.rhaos4.13.el9.aarch64.rpm
skopeo-tests-1.11.2-1.1.rhaos4.13.el9.aarch64.rpm

noarch:
kernel-abi-stablelists-5.14.0-284.16.1.el9_2.noarch.rpm
kernel-doc-5.14.0-284.16.1.el9_2.noarch.rpm
podman-docker-4.4.1-4.1.rhaos4.13.el9.noarch.rpm

ppc64le:
bpftool-7.0.0-284.16.1.el9_2.ppc64le.rpm
bpftool-debuginfo-7.0.0-284.16.1.el9_2.ppc64le.rpm
buildah-1.29.1-1.1.rhaos4.13.el9.ppc64le.rpm
buildah-debuginfo-1.29.1-1.1.rhaos4.13.el9.ppc64le.rpm
buildah-debugsource-1.29.1-1.1.rhaos4.13.el9.ppc64le.rpm
buildah-tests-1.29.1-1.1.rhaos4.13.el9.ppc64le.rpm
buildah-tests-debuginfo-1.29.1-1.1.rhaos4.13.el9.ppc64le.rpm
cri-o-1.26.3-8.rhaos4.13.gitec064c9.el9.ppc64le.rpm
cri-o-debuginfo-1.26.3-8.rhaos4.13.gitec064c9.el9.ppc64le.rpm
cri-o-debugsource-1.26.3-8.rhaos4.13.gitec064c9.el9.ppc64le.rpm
cri-tools-1.26.0-2.el9.ppc64le.rpm
cri-tools-debuginfo-1.26.0-2.el9.ppc64le.rpm
cri-tools-debugsource-1.26.0-2.el9.ppc64le.rpm
kernel-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-core-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-cross-headers-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-core-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-debuginfo-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-devel-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-devel-matched-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-modules-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-modules-core-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-modules-extra-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-modules-internal-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debug-modules-partner-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debuginfo-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-debuginfo-common-ppc64le-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-devel-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-devel-matched-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-headers-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-ipaclones-internal-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-modules-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-modules-core-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-modules-extra-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-modules-internal-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-modules-partner-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-selftests-internal-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-tools-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-tools-debuginfo-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-tools-libs-5.14.0-284.16.1.el9_2.ppc64le.rpm
kernel-tools-libs-devel-5.14.0-284.16.1.el9_2.ppc64le.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el9.ppc64le.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el9.ppc64le.rpm
perf-5.14.0-284.16.1.el9_2.ppc64le.rpm
perf-debuginfo-5.14.0-284.16.1.el9_2.ppc64le.rpm
podman-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-debuginfo-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-debugsource-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-gvproxy-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-gvproxy-debuginfo-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-plugins-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-plugins-debuginfo-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-remote-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-remote-debuginfo-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
podman-tests-4.4.1-4.1.rhaos4.13.el9.ppc64le.rpm
python3-perf-5.14.0-284.16.1.el9_2.ppc64le.rpm
python3-perf-debuginfo-5.14.0-284.16.1.el9_2.ppc64le.rpm
rtla-5.14.0-284.16.1.el9_2.ppc64le.rpm
skopeo-1.11.2-1.1.rhaos4.13.el9.ppc64le.rpm
skopeo-debuginfo-1.11.2-1.1.rhaos4.13.el9.ppc64le.rpm
skopeo-debugsource-1.11.2-1.1.rhaos4.13.el9.ppc64le.rpm
skopeo-tests-1.11.2-1.1.rhaos4.13.el9.ppc64le.rpm

s390x:
bpftool-7.0.0-284.16.1.el9_2.s390x.rpm
bpftool-debuginfo-7.0.0-284.16.1.el9_2.s390x.rpm
buildah-1.29.1-1.1.rhaos4.13.el9.s390x.rpm
buildah-debuginfo-1.29.1-1.1.rhaos4.13.el9.s390x.rpm
buildah-debugsource-1.29.1-1.1.rhaos4.13.el9.s390x.rpm
buildah-tests-1.29.1-1.1.rhaos4.13.el9.s390x.rpm
buildah-tests-debuginfo-1.29.1-1.1.rhaos4.13.el9.s390x.rpm
cri-o-1.26.3-8.rhaos4.13.gitec064c9.el9.s390x.rpm
cri-o-debuginfo-1.26.3-8.rhaos4.13.gitec064c9.el9.s390x.rpm
cri-o-debugsource-1.26.3-8.rhaos4.13.gitec064c9.el9.s390x.rpm
cri-tools-1.26.0-2.el9.s390x.rpm
cri-tools-debuginfo-1.26.0-2.el9.s390x.rpm
cri-tools-debugsource-1.26.0-2.el9.s390x.rpm
kernel-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-core-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-cross-headers-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-core-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-debuginfo-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-devel-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-devel-matched-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-modules-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-modules-core-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-modules-extra-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-modules-internal-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debug-modules-partner-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debuginfo-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-debuginfo-common-s390x-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-devel-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-devel-matched-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-headers-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-modules-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-modules-core-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-modules-extra-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-modules-internal-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-modules-partner-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-selftests-internal-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-tools-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-tools-debuginfo-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-core-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-debuginfo-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-devel-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-devel-matched-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-modules-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-modules-core-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-modules-extra-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-modules-internal-5.14.0-284.16.1.el9_2.s390x.rpm
kernel-zfcpdump-modules-partner-5.14.0-284.16.1.el9_2.s390x.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el9.s390x.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el9.s390x.rpm
perf-5.14.0-284.16.1.el9_2.s390x.rpm
perf-debuginfo-5.14.0-284.16.1.el9_2.s390x.rpm
podman-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-debuginfo-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-debugsource-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-gvproxy-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-gvproxy-debuginfo-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-plugins-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-plugins-debuginfo-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-remote-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-remote-debuginfo-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
podman-tests-4.4.1-4.1.rhaos4.13.el9.s390x.rpm
python3-perf-5.14.0-284.16.1.el9_2.s390x.rpm
python3-perf-debuginfo-5.14.0-284.16.1.el9_2.s390x.rpm
rtla-5.14.0-284.16.1.el9_2.s390x.rpm
skopeo-1.11.2-1.1.rhaos4.13.el9.s390x.rpm
skopeo-debuginfo-1.11.2-1.1.rhaos4.13.el9.s390x.rpm
skopeo-debugsource-1.11.2-1.1.rhaos4.13.el9.s390x.rpm
skopeo-tests-1.11.2-1.1.rhaos4.13.el9.s390x.rpm

x86_64:
bpftool-7.0.0-284.16.1.el9_2.x86_64.rpm
bpftool-debuginfo-7.0.0-284.16.1.el9_2.x86_64.rpm
buildah-1.29.1-1.1.rhaos4.13.el9.x86_64.rpm
buildah-debuginfo-1.29.1-1.1.rhaos4.13.el9.x86_64.rpm
buildah-debugsource-1.29.1-1.1.rhaos4.13.el9.x86_64.rpm
buildah-tests-1.29.1-1.1.rhaos4.13.el9.x86_64.rpm
buildah-tests-debuginfo-1.29.1-1.1.rhaos4.13.el9.x86_64.rpm
cri-o-1.26.3-8.rhaos4.13.gitec064c9.el9.x86_64.rpm
cri-o-debuginfo-1.26.3-8.rhaos4.13.gitec064c9.el9.x86_64.rpm
cri-o-debugsource-1.26.3-8.rhaos4.13.gitec064c9.el9.x86_64.rpm
cri-tools-1.26.0-2.el9.x86_64.rpm
cri-tools-debuginfo-1.26.0-2.el9.x86_64.rpm
cri-tools-debugsource-1.26.0-2.el9.x86_64.rpm
kernel-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-core-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-cross-headers-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-core-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-debuginfo-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-devel-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-devel-matched-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-modules-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-modules-core-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-modules-extra-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-modules-internal-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-modules-partner-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debug-uki-virt-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debuginfo-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-debuginfo-common-x86_64-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-devel-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-devel-matched-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-headers-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-ipaclones-internal-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-modules-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-modules-core-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-modules-extra-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-modules-internal-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-modules-partner-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-rt-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-core-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-core-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-debuginfo-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-devel-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-devel-matched-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-kvm-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-modules-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-modules-core-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-modules-extra-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-modules-internal-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debug-modules-partner-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debuginfo-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-devel-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-devel-matched-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-kvm-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-modules-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-modules-core-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-modules-extra-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-modules-internal-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-modules-partner-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-rt-selftests-internal-5.14.0-284.16.1.rt14.301.el9_2.x86_64.rpm
kernel-selftests-internal-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-tools-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-tools-debuginfo-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-tools-libs-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-tools-libs-devel-5.14.0-284.16.1.el9_2.x86_64.rpm
kernel-uki-virt-5.14.0-284.16.1.el9_2.x86_64.rpm
openshift-clients-4.13.0-202305291355.p0.g1024efc.assembly.stream.el9.x86_64.rpm
openshift-clients-redistributable-4.13.0-202305291355.p0.g1024efc.assembly.stream.el9.x86_64.rpm
openshift-hyperkube-4.13.0-202305301919.p0.g0001a21.assembly.stream.el9.x86_64.rpm
perf-5.14.0-284.16.1.el9_2.x86_64.rpm
perf-debuginfo-5.14.0-284.16.1.el9_2.x86_64.rpm
podman-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-debuginfo-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-debugsource-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-gvproxy-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-gvproxy-debuginfo-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-plugins-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-plugins-debuginfo-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-remote-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-remote-debuginfo-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
podman-tests-4.4.1-4.1.rhaos4.13.el9.x86_64.rpm
python3-perf-5.14.0-284.16.1.el9_2.x86_64.rpm
python3-perf-debuginfo-5.14.0-284.16.1.el9_2.x86_64.rpm
rtla-5.14.0-284.16.1.el9_2.x86_64.rpm
skopeo-1.11.2-1.1.rhaos4.13.el9.x86_64.rpm
skopeo-debuginfo-1.11.2-1.1.rhaos4.13.el9.x86_64.rpm
skopeo-debugsource-1.11.2-1.1.rhaos4.13.el9.x86_64.rpm
skopeo-tests-1.11.2-1.1.rhaos4.13.el9.x86_64.rpm

Ironic content for Red Hat OpenShift Container Platform 4.13:

Source:
openstack-ironic-21.3.1-0.20230510075528.b3c902e.el9.src.rpm

noarch:
openstack-ironic-21.3.1-0.20230510075528.b3c902e.el9.noarch.rpm
openstack-ironic-api-21.3.1-0.20230510075528.b3c902e.el9.noarch.rpm
openstack-ironic-common-21.3.1-0.20230510075528.b3c902e.el9.noarch.rpm
openstack-ironic-conductor-21.3.1-0.20230510075528.b3c902e.el9.noarch.rpm
openstack-ironic-dnsmasq-tftp-server-21.3.1-0.20230510075528.b3c902e.el9.noarch.rpm
python3-ironic-tests-21.3.1-0.20230510075528.b3c902e.el9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/cve/CVE-2022-41722
https://access.redhat.com/security/cve/CVE-2022-41724
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/updates/classification/#important
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

  8. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Related news

Gentoo Linux Security Advisory 202408-07

Gentoo Linux Security Advisory 202408-7 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service. Versions greater than or equal to 1.22.3 are affected.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

Red Hat Security Advisory 2023-5964-01

Red Hat Security Advisory 2023-5964-01 - An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.

RHSA-2023:5442: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.2 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be att...

RHSA-2023:5376: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts ...

Red Hat Security Advisory 2023-4664-01

Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.

RHSA-2023:4627: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.2.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a...

RHSA-2023:4335: Red Hat Security Advisory: Security Update for cert-manager Operator for Red Hat OpenShift 1.10.3

cert-manager Operator for Red Hat OpenShift 1.10.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specia...

RHSA-2023:4420: Red Hat Security Advisory: OpenShift Virtualization 4.12.5 RPMs security and bug fix update

Red Hat OpenShift Virtualization release 4.12.5 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain ...

RHSA-2023:4289: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.11 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.11 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Red Hat Security Advisory 2023-4003-01

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3925-01

Red Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.

Red Hat Security Advisory 2023-3914-01

Red Hat Security Advisory 2023-3914-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.44.

Red Hat Security Advisory 2023-3911-01

Red Hat Security Advisory 2023-3911-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.63.

RHSA-2023:3910: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

Red Hat OpenShift Container Platform release 4.10.63 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server...

RHSA-2023:3905: Red Hat Security Advisory: Network observability 1.3.0 for Openshift

Network Observability 1.3.0 for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HTML if executed with untrusted input. * CVE-2023-24540: A flaw was found in golang,...

Red Hat Security Advisory 2023-3612-01

Red Hat Security Advisory 2023-3612-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.4. Issues addressed include a denial of service vulnerability.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

RHSA-2023:3624: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...

RHSA-2023:3545: Red Hat Security Advisory: OpenShift Container Platform 4.12.21 packages and security update

Red Hat OpenShift Container Platform release 4.12.21 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside ...

Red Hat Security Advisory 2023-3409-01

Red Hat Security Advisory 2023-3409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.20.

RHSA-2023:3410: Red Hat Security Advisory: OpenShift Container Platform 4.12.20 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...

RHSA-2023:3366: Red Hat Security Advisory: OpenShift Container Platform 4.13.2 packages and security update

Red Hat OpenShift Container Platform release 4.13.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms...

RHSA-2023:3445: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...

Red Hat Security Advisory 2023-3304-01

Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2023-3303-01

Red Hat Security Advisory 2023-3303-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.

RHSA-2023:3435: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.74 for Kubernetes security update

An update is now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HTML if executed with untrusted inpu...

Red Hat Security Advisory 2023-3415-01

Red Hat Security Advisory 2023-3415-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes.

RHSA-2023:3415: Red Hat Security Advisory: ACS 4.0 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpe...

RHSA-2023:3379: Red Hat Security Advisory: Red Hat Advanced Cluster Security for Kubernetes 3.73 security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions...

RHSA-2023:3304: Red Hat Security Advisory: OpenShift Container Platform 4.13.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...

Red Hat Security Advisory 2023-3323-01

Red Hat Security Advisory 2023-3323-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Red Hat Security Advisory 2023-3318-01

Red Hat Security Advisory 2023-3318-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler.

RHSA-2023:3323: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24537: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service. * CVE-2023-24538: A flaw was found in Golang Go. This flaw ...

RHSA-2023:3319: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

Red Hat Security Advisory 2023-3167-01

Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

Red Hat Security Advisory 2023-1328-01

Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:1325: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-2990: An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has d...

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Red Hat Security Advisory 2023-1327-01

Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.

CVE-2023-24540: [security] Go 1.20.4 and Go 1.19.9 are released

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

RHSA-2023:2107: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...

Red Hat Security Advisory 2023-1639-01

Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

CVE-2022-41722: GO-2023-1568 - Go Packages

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

CVE-2022-41724: [security] Go 1.20.1 and Go 1.19.6 are released

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

Red Hat Security Advisory 2022-9107-01

Red Hat Security Advisory 2022-9107-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.21. There are no RPM packages for this release. Space precludes documenting all of the container images in this advisory.

RHSA-2022:9107: Red Hat Security Advisory: OpenShift Container Platform 4.11.21 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.21 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

Red Hat Security Advisory 2022-8893-01

Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.

RHSA-2022:8938: Red Hat Security Advisory: Release of OpenShift Serverless 1.26.0

Release of OpenShift Serverless 1.26.0. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

Red Hat Security Advisory 2022-8932-01

Red Hat Security Advisory 2022-8932-01 - Red Hat OpenShift Serverless Client kn 1.26.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.26.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

Red Hat Security Advisory 2022-8008-01

Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.

RHSA-2022:8008: Red Hat Security Advisory: buildah security and bug fix update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-20291: containers/storage: DoS via malicious image * CVE-2021-33195: golang: net: lookup functions may return invalid host names * CVE-2021-33197: golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty * CVE-2021-33198: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very l...

RHSA-2022:7469: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
* CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
* CVE-2022-29162: runc: incorrect handling of inheritable capabilities

RHSA-2022:7457: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic
* CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion
* CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
* CVE-2022-2990: buildah: possible information disclosure and modification
* CVE-...

RHSA-2022:6347: Red Hat Security Advisory: VolSync 0.5 security fixes and updates

VolSync v0.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
* CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
* CVE-2022-30630: golang: io/fs: stack e...
