Red Hat Security Advisory 2024-8676-03
Red Hat Security Advisory 2024-8676-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.
The following advisory data is extracted from:
https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8676.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update
Advisory ID: RHSA-2024:8676-03
Product: Red Hat OpenShift Data Foundation
Advisory URL: https://access.redhat.com/errata/RHSA-2024:8676
Issue date: 2024-10-30
Revision: 03
CVE Names: CVE-2023-26136
====================================================================
Summary:
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.
Description:
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.17/html/4.17_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-26136
References:
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=2059669
https://bugzilla.redhat.com/show_bug.cgi?id=2190161
https://bugzilla.redhat.com/show_bug.cgi?id=2219310
https://bugzilla.redhat.com/show_bug.cgi?id=2241329
https://bugzilla.redhat.com/show_bug.cgi?id=2245068
https://bugzilla.redhat.com/show_bug.cgi?id=2250364
https://bugzilla.redhat.com/show_bug.cgi?id=2253013
https://bugzilla.redhat.com/show_bug.cgi?id=2257271
https://bugzilla.redhat.com/show_bug.cgi?id=2259668
https://bugzilla.redhat.com/show_bug.cgi?id=2262777
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://bugzilla.redhat.com/show_bug.cgi?id=2268820
https://bugzilla.redhat.com/show_bug.cgi?id=2271773
https://bugzilla.redhat.com/show_bug.cgi?id=2272597
https://bugzilla.redhat.com/show_bug.cgi?id=2275225
https://bugzilla.redhat.com/show_bug.cgi?id=2275965
https://bugzilla.redhat.com/show_bug.cgi?id=2276393
https://bugzilla.redhat.com/show_bug.cgi?id=2276672
https://bugzilla.redhat.com/show_bug.cgi?id=2279751
https://bugzilla.redhat.com/show_bug.cgi?id=2279876
https://bugzilla.redhat.com/show_bug.cgi?id=2280308
https://bugzilla.redhat.com/show_bug.cgi?id=2280608
https://bugzilla.redhat.com/show_bug.cgi?id=2280637
https://bugzilla.redhat.com/show_bug.cgi?id=2283994
https://bugzilla.redhat.com/show_bug.cgi?id=2292435
https://bugzilla.redhat.com/show_bug.cgi?id=2292668
https://bugzilla.redhat.com/show_bug.cgi?id=2294234
https://bugzilla.redhat.com/show_bug.cgi?id=2294723
https://bugzilla.redhat.com/show_bug.cgi?id=2297265
https://bugzilla.redhat.com/show_bug.cgi?id=2297295
https://bugzilla.redhat.com/show_bug.cgi?id=2297447
https://bugzilla.redhat.com/show_bug.cgi?id=2297454
https://bugzilla.redhat.com/show_bug.cgi?id=2299630
https://bugzilla.redhat.com/show_bug.cgi?id=2299639
https://bugzilla.redhat.com/show_bug.cgi?id=2300021
https://bugzilla.redhat.com/show_bug.cgi?id=2300312
https://bugzilla.redhat.com/show_bug.cgi?id=2300331
https://bugzilla.redhat.com/show_bug.cgi?id=2300499
https://bugzilla.redhat.com/show_bug.cgi?id=2301889
https://bugzilla.redhat.com/show_bug.cgi?id=2302201
https://bugzilla.redhat.com/show_bug.cgi?id=2302257
https://bugzilla.redhat.com/show_bug.cgi?id=2302448
https://bugzilla.redhat.com/show_bug.cgi?id=2302507
https://bugzilla.redhat.com/show_bug.cgi?id=2302575
https://bugzilla.redhat.com/show_bug.cgi?id=2302774
https://bugzilla.redhat.com/show_bug.cgi?id=2302841
https://bugzilla.redhat.com/show_bug.cgi?id=2302842
https://bugzilla.redhat.com/show_bug.cgi?id=2303028
https://bugzilla.redhat.com/show_bug.cgi?id=2303342
https://bugzilla.redhat.com/show_bug.cgi?id=2303403
https://bugzilla.redhat.com/show_bug.cgi?id=2303619
https://bugzilla.redhat.com/show_bug.cgi?id=2303820
https://bugzilla.redhat.com/show_bug.cgi?id=2303821
https://bugzilla.redhat.com/show_bug.cgi?id=2303822
https://bugzilla.redhat.com/show_bug.cgi?id=2303823
https://bugzilla.redhat.com/show_bug.cgi?id=2303824
https://bugzilla.redhat.com/show_bug.cgi?id=2303825
https://bugzilla.redhat.com/show_bug.cgi?id=2303829
https://bugzilla.redhat.com/show_bug.cgi?id=2304073
https://bugzilla.redhat.com/show_bug.cgi?id=2304231
https://bugzilla.redhat.com/show_bug.cgi?id=2304232
https://bugzilla.redhat.com/show_bug.cgi?id=2304235
https://bugzilla.redhat.com/show_bug.cgi?id=2304238
https://bugzilla.redhat.com/show_bug.cgi?id=2304799
https://bugzilla.redhat.com/show_bug.cgi?id=2304810
https://bugzilla.redhat.com/show_bug.cgi?id=2304815
https://bugzilla.redhat.com/show_bug.cgi?id=2304993
https://bugzilla.redhat.com/show_bug.cgi?id=2305274
https://bugzilla.redhat.com/show_bug.cgi?id=2305295
https://bugzilla.redhat.com/show_bug.cgi?id=2305660
https://bugzilla.redhat.com/show_bug.cgi?id=2305880
https://bugzilla.redhat.com/show_bug.cgi?id=2306026
https://bugzilla.redhat.com/show_bug.cgi?id=2306387
https://bugzilla.redhat.com/show_bug.cgi?id=2306577
https://bugzilla.redhat.com/show_bug.cgi?id=2307823
https://bugzilla.redhat.com/show_bug.cgi?id=2307835
https://bugzilla.redhat.com/show_bug.cgi?id=2307909
https://bugzilla.redhat.com/show_bug.cgi?id=2308091
https://bugzilla.redhat.com/show_bug.cgi?id=2308101
https://bugzilla.redhat.com/show_bug.cgi?id=2308144
https://bugzilla.redhat.com/show_bug.cgi?id=2308193
https://bugzilla.redhat.com/show_bug.cgi?id=2308304
https://bugzilla.redhat.com/show_bug.cgi?id=2308442
https://bugzilla.redhat.com/show_bug.cgi?id=2308446
https://bugzilla.redhat.com/show_bug.cgi?id=2309191
https://bugzilla.redhat.com/show_bug.cgi?id=2309195
https://bugzilla.redhat.com/show_bug.cgi?id=2309485
https://bugzilla.redhat.com/show_bug.cgi?id=2309486
https://bugzilla.redhat.com/show_bug.cgi?id=2309487
https://bugzilla.redhat.com/show_bug.cgi?id=2309488
https://bugzilla.redhat.com/show_bug.cgi?id=2309489
https://bugzilla.redhat.com/show_bug.cgi?id=2309700
https://bugzilla.redhat.com/show_bug.cgi?id=2310369
https://bugzilla.redhat.com/show_bug.cgi?id=2310385
https://bugzilla.redhat.com/show_bug.cgi?id=2310841
https://bugzilla.redhat.com/show_bug.cgi?id=2310908
https://bugzilla.redhat.com/show_bug.cgi?id=2311042
https://bugzilla.redhat.com/show_bug.cgi?id=2311043
https://bugzilla.redhat.com/show_bug.cgi?id=2311152
https://bugzilla.redhat.com/show_bug.cgi?id=2311153
https://bugzilla.redhat.com/show_bug.cgi?id=2311154
https://bugzilla.redhat.com/show_bug.cgi?id=2311171
https://bugzilla.redhat.com/show_bug.cgi?id=2311468
https://bugzilla.redhat.com/show_bug.cgi?id=2311551
https://bugzilla.redhat.com/show_bug.cgi?id=2311790
https://bugzilla.redhat.com/show_bug.cgi?id=2311867
https://bugzilla.redhat.com/show_bug.cgi?id=2311885
https://bugzilla.redhat.com/show_bug.cgi?id=2311893
https://bugzilla.redhat.com/show_bug.cgi?id=2312137
https://bugzilla.redhat.com/show_bug.cgi?id=2312442
https://bugzilla.redhat.com/show_bug.cgi?id=2313178
https://bugzilla.redhat.com/show_bug.cgi?id=2313203
https://bugzilla.redhat.com/show_bug.cgi?id=2313515
https://bugzilla.redhat.com/show_bug.cgi?id=2313717
https://bugzilla.redhat.com/show_bug.cgi?id=2313736
https://bugzilla.redhat.com/show_bug.cgi?id=2314200
https://bugzilla.redhat.com/show_bug.cgi?id=2314211
https://bugzilla.redhat.com/show_bug.cgi?id=2314404
https://bugzilla.redhat.com/show_bug.cgi?id=2314454
https://bugzilla.redhat.com/show_bug.cgi?id=2314636
https://bugzilla.redhat.com/show_bug.cgi?id=2315624
https://bugzilla.redhat.com/show_bug.cgi?id=2315651
https://bugzilla.redhat.com/show_bug.cgi?id=2315666
https://bugzilla.redhat.com/show_bug.cgi?id=2315709
https://bugzilla.redhat.com/show_bug.cgi?id=2315733
https://bugzilla.redhat.com/show_bug.cgi?id=2315846
https://bugzilla.redhat.com/show_bug.cgi?id=2318490
https://bugzilla.redhat.com/show_bug.cgi?id=2319102
https://bugzilla.redhat.com/show_bug.cgi?id=2319238
Related news
Red Hat Security Advisories 2023-5484-01, 2023-5485-01, 2023-5486-01 and 2023-5488-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
Red Hat Security Advisory 2023-5442-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be att...
Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulate...
An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service. * CVE-2023-26136: A flaw was found in the tough-cookie package. Affec...
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
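The description above says the tough-cookie issue (CVE-2023-26136, the one CVE this advisory fixes) comes from how objects are initialised when a CookieJar runs with rejectPublicSuffixes=false. The JavaScript below is an added illustration of that bug class, not code from tough-cookie, from Red Hat or from this advisory: a minimal in-memory cookie index keyed by domain, path and cookie name, shown once with plain `{}` buckets (the vulnerable shape) and once with `Object.create(null)` buckets (the hardened shape), plus a check for whether `Object.prototype` was modified. The class and function names, the cookie object shape and the `/evil` path are assumptions made for this example; the only facts taken from the page are the affected version range (before 4.1.3) and the rejectPublicSuffixes=false condition.

```javascript
// Added example (not tough-cookie's code): a minimal cookie index that
// reproduces the prototype-pollution pattern described for CVE-2023-26136
// and its hardened counterpart. Names and the sample cookie are constructed.

// Vulnerable form: the top-level index and every bucket are plain objects,
// so looking up the key "__proto__" returns Object.prototype instead of
// creating a fresh per-domain bucket, and later writes land on it.
class VulnerableCookieIndex {
  constructor() {
    this.idx = {};
  }
  put(cookie) {
    const { domain, path, key } = cookie;
    if (!this.idx[domain]) this.idx[domain] = {};
    if (!this.idx[domain][path]) this.idx[domain][path] = {};
    this.idx[domain][path][key] = cookie;
  }
}

// Hardened form: every bucket has a null prototype, so "__proto__" is an
// ordinary own property name with no path to Object.prototype.
class HardenedCookieIndex {
  constructor() {
    this.idx = Object.create(null);
  }
  put(cookie) {
    const { domain, path, key } = cookie;
    if (!this.idx[domain]) this.idx[domain] = Object.create(null);
    if (!this.idx[domain][path]) this.idx[domain][path] = Object.create(null);
    this.idx[domain][path][key] = cookie;
  }
}

// Check: has a property with this name been written onto Object.prototype?
function prototypeIsPolluted(name) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, name);
}

// Feed one attacker-shaped cookie into the given index class and report
// whether Object.prototype was modified. A cookie whose domain is
// "__proto__" would normally be rejected as an invalid public suffix; the
// rejectPublicSuffixes=false mode named in the description is what lets it
// reach the store. The function removes the injected property afterwards
// so it can be rerun against the other class.
function pollutesViaCookie(IndexClass, path = "/evil") {
  const store = new IndexClass();
  // Constructed sample cookie with an attacker-chosen domain.
  store.put({ domain: "__proto__", path, key: "x", value: "1" });
  const polluted = prototypeIsPolluted(path);
  // When polluted, an unrelated fresh object now sees the injected key.
  const leaked = ({})[path] !== undefined;
  delete Object.prototype[path];
  return polluted && leaked;
}

console.log("vulnerable index pollutes:", pollutesViaCookie(VulnerableCookieIndex)); // true
console.log("hardened index pollutes:  ", pollutesViaCookie(HardenedCookieIndex));   // false
```

Two practical notes. First, the hardened version still trusts nothing about the domain string; `Object.create(null)` only closes the prototype route, so public-suffix rejection should stay enabled unless there is a specific reason to turn it off. Second, the `prototypeIsPolluted` check is the cheap runtime assertion to keep in a test suite for any code that indexes untrusted strings into nested objects: if it ever returns true for a key an attacker controls, the object initialisation is wrong.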