Headline
Red Hat Security Advisory 2024-4455-03
Red Hat Security Advisory 2024-4455-03 - Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4455.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Virtualization 4.16.0 Images security update
Advisory ID: RHSA-2024:4455-03
Product: OpenShift Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2024:4455
Issue date: 2024-07-10
Revision: 03
CVE Names: CVE-2023-45857
====================================================================
Summary:
Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.16.0 images.
Security Fix(es):
axios: exposure of confidential data stored in cookies (CVE-2023-45857)
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
jose-go: improper handling of highly compressed data (CVE-2024-28180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-45857
References:
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2248979
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://bugzilla.redhat.com/show_bug.cgi?id=2268854
https://issues.redhat.com/browse/CNV-18671
https://issues.redhat.com/browse/CNV-23541
https://issues.redhat.com/browse/CNV-23927
https://issues.redhat.com/browse/CNV-28040
https://issues.redhat.com/browse/CNV-29298
https://issues.redhat.com/browse/CNV-29431
https://issues.redhat.com/browse/CNV-29476
https://issues.redhat.com/browse/CNV-29869
https://issues.redhat.com/browse/CNV-30877
https://issues.redhat.com/browse/CNV-31319
https://issues.redhat.com/browse/CNV-31828
https://issues.redhat.com/browse/CNV-32664
https://issues.redhat.com/browse/CNV-32812
https://issues.redhat.com/browse/CNV-32997
https://issues.redhat.com/browse/CNV-33184
https://issues.redhat.com/browse/CNV-33527
https://issues.redhat.com/browse/CNV-33529
https://issues.redhat.com/browse/CNV-33701
https://issues.redhat.com/browse/CNV-33836
https://issues.redhat.com/browse/CNV-34072
https://issues.redhat.com/browse/CNV-34180
https://issues.redhat.com/browse/CNV-34488
https://issues.redhat.com/browse/CNV-34884
https://issues.redhat.com/browse/CNV-35213
https://issues.redhat.com/browse/CNV-35452
https://issues.redhat.com/browse/CNV-35728
https://issues.redhat.com/browse/CNV-35729
https://issues.redhat.com/browse/CNV-35763
https://issues.redhat.com/browse/CNV-35782
https://issues.redhat.com/browse/CNV-35859
https://issues.redhat.com/browse/CNV-36130
https://issues.redhat.com/browse/CNV-36208
https://issues.redhat.com/browse/CNV-36209
https://issues.redhat.com/browse/CNV-36210
https://issues.redhat.com/browse/CNV-36211
https://issues.redhat.com/browse/CNV-36271
https://issues.redhat.com/browse/CNV-36299
https://issues.redhat.com/browse/CNV-36837
https://issues.redhat.com/browse/CNV-37111
https://issues.redhat.com/browse/CNV-37373
https://issues.redhat.com/browse/CNV-37376
https://issues.redhat.com/browse/CNV-37377
https://issues.redhat.com/browse/CNV-37378
https://issues.redhat.com/browse/CNV-37382
https://issues.redhat.com/browse/CNV-37383
https://issues.redhat.com/browse/CNV-37412
https://issues.redhat.com/browse/CNV-37462
https://issues.redhat.com/browse/CNV-37501
https://issues.redhat.com/browse/CNV-37629
https://issues.redhat.com/browse/CNV-37667
https://issues.redhat.com/browse/CNV-37685
https://issues.redhat.com/browse/CNV-37788
https://issues.redhat.com/browse/CNV-37857
https://issues.redhat.com/browse/CNV-37859
https://issues.redhat.com/browse/CNV-38129
https://issues.redhat.com/browse/CNV-38270
https://issues.redhat.com/browse/CNV-38375
https://issues.redhat.com/browse/CNV-38404
https://issues.redhat.com/browse/CNV-38450
https://issues.redhat.com/browse/CNV-38568
https://issues.redhat.com/browse/CNV-38596
https://issues.redhat.com/browse/CNV-38608
https://issues.redhat.com/browse/CNV-38609
https://issues.redhat.com/browse/CNV-38655
https://issues.redhat.com/browse/CNV-38700
https://issues.redhat.com/browse/CNV-38707
https://issues.redhat.com/browse/CNV-38724
https://issues.redhat.com/browse/CNV-38883
https://issues.redhat.com/browse/CNV-38887
https://issues.redhat.com/browse/CNV-38902
https://issues.redhat.com/browse/CNV-39028
https://issues.redhat.com/browse/CNV-39030
https://issues.redhat.com/browse/CNV-39034
https://issues.redhat.com/browse/CNV-39056
https://issues.redhat.com/browse/CNV-39101
https://issues.redhat.com/browse/CNV-39371
https://issues.redhat.com/browse/CNV-39418
https://issues.redhat.com/browse/CNV-39421
https://issues.redhat.com/browse/CNV-39425
https://issues.redhat.com/browse/CNV-39469
https://issues.redhat.com/browse/CNV-39558
https://issues.redhat.com/browse/CNV-39618
https://issues.redhat.com/browse/CNV-39659
https://issues.redhat.com/browse/CNV-39682
https://issues.redhat.com/browse/CNV-39685
https://issues.redhat.com/browse/CNV-39722
https://issues.redhat.com/browse/CNV-39727
https://issues.redhat.com/browse/CNV-39752
https://issues.redhat.com/browse/CNV-39753
https://issues.redhat.com/browse/CNV-39878
https://issues.redhat.com/browse/CNV-39880
https://issues.redhat.com/browse/CNV-39893
https://issues.redhat.com/browse/CNV-39940
https://issues.redhat.com/browse/CNV-39941
https://issues.redhat.com/browse/CNV-39946
https://issues.redhat.com/browse/CNV-39978
https://issues.redhat.com/browse/CNV-39995
https://issues.redhat.com/browse/CNV-40006
https://issues.redhat.com/browse/CNV-40120
https://issues.redhat.com/browse/CNV-40136
https://issues.redhat.com/browse/CNV-40161
https://issues.redhat.com/browse/CNV-40162
https://issues.redhat.com/browse/CNV-40164
https://issues.redhat.com/browse/CNV-40196
https://issues.redhat.com/browse/CNV-40200
https://issues.redhat.com/browse/CNV-40242
https://issues.redhat.com/browse/CNV-40258
https://issues.redhat.com/browse/CNV-40334
https://issues.redhat.com/browse/CNV-40335
https://issues.redhat.com/browse/CNV-40336
https://issues.redhat.com/browse/CNV-40341
https://issues.redhat.com/browse/CNV-40344
https://issues.redhat.com/browse/CNV-40419
https://issues.redhat.com/browse/CNV-40445
https://issues.redhat.com/browse/CNV-40455
https://issues.redhat.com/browse/CNV-40457
https://issues.redhat.com/browse/CNV-40598
https://issues.redhat.com/browse/CNV-40682
https://issues.redhat.com/browse/CNV-40776
https://issues.redhat.com/browse/CNV-40846
https://issues.redhat.com/browse/CNV-40886
https://issues.redhat.com/browse/CNV-40903
https://issues.redhat.com/browse/CNV-41084
https://issues.redhat.com/browse/CNV-41139
https://issues.redhat.com/browse/CNV-41195
https://issues.redhat.com/browse/CNV-41199
https://issues.redhat.com/browse/CNV-41200
https://issues.redhat.com/browse/CNV-41203
https://issues.redhat.com/browse/CNV-41206
https://issues.redhat.com/browse/CNV-41209
https://issues.redhat.com/browse/CNV-41210
https://issues.redhat.com/browse/CNV-41224
https://issues.redhat.com/browse/CNV-41286
https://issues.redhat.com/browse/CNV-41355
https://issues.redhat.com/browse/CNV-41385
https://issues.redhat.com/browse/CNV-41386
https://issues.redhat.com/browse/CNV-41402
https://issues.redhat.com/browse/CNV-41474
https://issues.redhat.com/browse/CNV-41494
https://issues.redhat.com/browse/CNV-41495
https://issues.redhat.com/browse/CNV-41503
https://issues.redhat.com/browse/CNV-41507
https://issues.redhat.com/browse/CNV-41522
https://issues.redhat.com/browse/CNV-41526
https://issues.redhat.com/browse/CNV-41550
https://issues.redhat.com/browse/CNV-41579
https://issues.redhat.com/browse/CNV-41590
https://issues.redhat.com/browse/CNV-41600
https://issues.redhat.com/browse/CNV-41604
https://issues.redhat.com/browse/CNV-41632
https://issues.redhat.com/browse/CNV-41640
https://issues.redhat.com/browse/CNV-41772
https://issues.redhat.com/browse/CNV-41804
https://issues.redhat.com/browse/CNV-41844
https://issues.redhat.com/browse/CNV-41846
https://issues.redhat.com/browse/CNV-41959
https://issues.redhat.com/browse/CNV-42015
https://issues.redhat.com/browse/CNV-42052
https://issues.redhat.com/browse/CNV-42087
https://issues.redhat.com/browse/CNV-42363
https://issues.redhat.com/browse/CNV-42622
https://issues.redhat.com/browse/CNV-42786
https://issues.redhat.com/browse/CNV-42844
https://issues.redhat.com/browse/CNV-42853
https://issues.redhat.com/browse/CNV-42884
https://issues.redhat.com/browse/CNV-43024
https://issues.redhat.com/browse/CNV-43027
https://issues.redhat.com/browse/CNV-43033
https://issues.redhat.com/browse/CNV-43039
https://issues.redhat.com/browse/CNV-43041
https://issues.redhat.com/browse/CNV-43069
https://issues.redhat.com/browse/CNV-43194
https://issues.redhat.com/browse/CNV-43205
Related news
Red Hat Security Advisory 2024-5314-03 - Red Hat OpenShift Virtualization release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-5054-03 - Red Hat OpenShift Virtualization release 4.16.1 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-4591-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9. Issues addressed include denial of service, memory leak, and resource exhaustion vulnerabilities.
Gentoo Linux Security Advisory 202407-25 - Multiple vulnerabilities have been discovered in Buildah, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.35.3 are affected.
Red Hat Security Advisory 2024-4269-03 - Red Hat OpenShift Virtualization release 4.12.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-3637-03 - Secondary Scheduler Operator for Red Hat OpenShift 1.3.0 for RHEL 9. Issues addressed include denial of service and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2024-0045-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, and resource exhaustion vulnerabilities.
Red Hat Security Advisory 2024-0043-03 - Red Hat build of MicroShift release 4.16.0 is now available with updates to packages and images that include a security update. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 6746-2 - USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2024-3989-03 - Migration Toolkit for Applications 6.2.3 release. Issues addressed include denial of service, memory leak, and password leak vulnerabilities.
Red Hat Security Advisory 2024-3968-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a resource exhaustion vulnerability.
Red Hat Security Advisory 2024-3920-03 - Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a password leak vulnerability.
Red Hat Security Advisory 2024-3827-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include memory exhaustion and resource exhaustion vulnerabilities.
Red Hat Security Advisory 2024-3349-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-3473-03 - Red Hat OpenShift Virtualization release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-3351-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-2869-03 - Red Hat OpenShift Container Platform release 4.14.26 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-2666-03 - Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs.
Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.
Ubuntu Security Notice 6746-1 - It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2024-1812-03 - Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Issues addressed include denial of service and memory leak vulnerabilities.
Red Hat Security Advisory 2024-1640-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, denial of service, local file inclusion, memory leak, and traversal vulnerabilities.
Red Hat Security Advisory 2024-1563-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2024-1563-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2024-1362-03 - An update for cnf-tests-container, dpdk-base-container, NUMA-aware secondary scheduler, numaresources-operator and numaresources-operator-must-gather is now available for Red Hat OpenShift Container Platform 4.14.
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.