RHSA-2023:3304: Red Hat Security Advisory: OpenShift Container Platform 4.13.1 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2018-17419: The Miek Gieben DNS library (github.com/miekg/dns) is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By supplying a specially crafted resource record for the library to parse, a remote attacker can cause the application to crash.
- CVE-2021-36157: A flaw in Cortex (Grafana Cortex) could allow a remote attacker to traverse directories on the system, caused by improper input validation of the X-Scope-OrgID header value. An attacker could send a specially crafted request whose header contains "dot-dot" sequences (/../) and read part of the contents of files on the system through the resulting error message.
- CVE-2022-41722: A flaw was found in Go, where it could allow a remote attacker to traverse directories on the system, caused by improper path handling in path/filepath's filepath.Clean on Windows: Clean could turn an invalid path such as a/../c:/b into the valid path c:\b. This flaw allows an attacker to send a specially crafted URL request containing "dot-dot" sequences (/../) to view arbitrary files on the system.
- CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
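The two traversal flaws above share one root cause: an untrusted string (a URL path, the X-Scope-OrgID header) is turned into a filesystem path, and the code trusts normalization to strip ".." for it. The Go program below is an added example, not code from Red Hat, the Cortex project or the Go project. It allow-lists each path component before calling into path/filepath, so it stays safe even where filepath.Clean misbehaves (on Windows, a/../c:/b became c:\b in the affected Go versions). The root directory, the "rules" suffix under the tenant directory, and the inputs in main are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrUnsafePath is returned for any input that could escape the base directory.
var ErrUnsafePath = errors.New("unsafe path")

// A path component must be a plain name: no leading dot (so "." and ".." are
// out), no separators, no drive-letter colon, no NUL or control characters.
var validComponent = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$`)

// SafeJoin joins an untrusted, slash-separated relative path onto base. It
// allow-lists each component before touching the filesystem API instead of
// relying on filepath.Clean to normalize ".." away, which is exactly what
// CVE-2022-41722 showed cannot be trusted on Windows.
func SafeJoin(base, untrusted string) (string, error) {
	// Reject backslashes explicitly: a Linux-hosted service does not treat them
	// as separators, but the same path forwarded to a Windows host would.
	if untrusted == "" || strings.Contains(untrusted, `\`) ||
		filepath.IsAbs(untrusted) || filepath.VolumeName(untrusted) != "" {
		return "", ErrUnsafePath
	}
	for _, p := range strings.Split(untrusted, "/") {
		if !validComponent.MatchString(p) {
			return "", ErrUnsafePath
		}
	}
	joined := filepath.Join(base, filepath.FromSlash(untrusted))
	// Defence in depth: the cleaned result must still be strictly under base.
	rel, err := filepath.Rel(base, joined)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return joined, nil
}

// TenantRulesDir maps an X-Scope-OrgID header value onto a per-tenant
// directory, the pattern behind CVE-2021-36157 when the value is not validated.
// A tenant ID is a single component, so a slash in it is already an escape attempt.
// (Hypothetical layout: <root>/<tenant>/rules, assumed for this example.)
func TenantRulesDir(root, orgID string) (string, error) {
	if strings.Contains(orgID, "/") {
		return "", ErrUnsafePath
	}
	return SafeJoin(root, orgID+"/rules")
}

func main() {
	// Constructed inputs: one legitimate tenant and four escape attempts.
	root := filepath.Join(string(filepath.Separator), "var", "cortex")
	for _, id := range []string{"team-a", "../../etc", "a/../c:/b", `..\..\windows`, "c:"} {
		if dir, err := TenantRulesDir(root, id); err != nil {
			fmt.Printf("%-16q rejected\n", id)
		} else {
			fmt.Printf("%-16q -> %s\n", id, dir)
		}
	}
}
```

The allow-list is deliberately stricter than "no dot-dot": rejecting colons and backslashes up front means the check does not depend on which operating system's path rules apply at the other end of a proxy or a shared volume.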
Issued: 2023-05-30
Updated: 2023-05-30
Synopsis
Moderate: OpenShift Container Platform 4.13.1 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.13.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2023:3303
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
Security Fix(es):
- dns: Denial of Service (DoS) (CVE-2018-17419)
- cortex: Grafana Cortex directory traversal (CVE-2021-36157)
- golang: path/filepath: path-filepath filepath.Clean path traversal (CVE-2022-41722)
- net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
Solution
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
You may download the oc tool and use it to inspect release image metadata (oc adm release info <pullspec>) for the x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The release image digests are:
- x86_64: sha256:9c92b5ec203ee7f81626cc4e9f02086484056a76548961e5895916f136302b1f
- s390x: sha256:dbc768473b99538c15a35ea1be7ff656a6ac01e5001af4fac117c51f461c6054
- ppc64le: sha256:dc4bab40680fb4ed84665abc34aefef5e0689eafef1c878776c3685ddaa759d5
- aarch64: sha256:5415fb0c33370014b9be83bc3120cc9d35a95922b2e93e218cac603e4179717a
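Checking a cluster against these digests is easiest when scripted. The Go program below is an added example, not tooling from Red Hat or from this advisory. It takes the JSON that `oc get clusterversion version -o json` prints, finds the most recent Completed update in status.history, and compares that release image's digest with the advisory digest for the node architecture (as reported by `oc get nodes -o jsonpath='{.items[*].status.nodeInfo.architecture}'`, which uses Go names such as amd64 rather than the advisory's x86_64). The ClusterVersion document embedded in the program is constructed sample input, and its 4.13.0 digest is an all-zero placeholder, not the real one.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Release image digests published in this advisory for OpenShift 4.13.1,
// keyed by the architecture names the advisory uses.
var advisoryReleaseDigests = map[string]string{
	"x86_64":  "sha256:9c92b5ec203ee7f81626cc4e9f02086484056a76548961e5895916f136302b1f",
	"s390x":   "sha256:dbc768473b99538c15a35ea1be7ff656a6ac01e5001af4fac117c51f461c6054",
	"ppc64le": "sha256:dc4bab40680fb4ed84665abc34aefef5e0689eafef1c878776c3685ddaa759d5",
	"aarch64": "sha256:5415fb0c33370014b9be83bc3120cc9d35a95922b2e93e218cac603e4179717a",
}

// Kubernetes reports Go architecture names in status.nodeInfo.architecture;
// the advisory uses uname-style names, so map the two that differ.
var archAliases = map[string]string{"amd64": "x86_64", "arm64": "aarch64"}

var digestRE = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// parseDigest extracts and validates the digest from repo/name@sha256:<hex>.
// Tag-only pull specs are rejected: a tag can be re-pointed, a digest cannot.
func parseDigest(pullSpec string) (string, error) {
	i := strings.LastIndex(pullSpec, "@")
	if i < 0 {
		return "", fmt.Errorf("pull spec %q has no digest", pullSpec)
	}
	if d := pullSpec[i+1:]; digestRE.MatchString(d) {
		return d, nil
	}
	return "", fmt.Errorf("pull spec %q has a malformed digest", pullSpec)
}

// The subset of ClusterVersion fields used here (oc get clusterversion version -o json).
type clusterVersion struct {
	Status struct {
		History []struct {
			Version  string `json:"version"`
			Image    string `json:"image"`
			State    string `json:"state"`
			Verified bool   `json:"verified"`
		} `json:"history"`
	} `json:"status"`
}

type ReleaseCheck struct {
	Version  string
	Digest   string
	Patched  bool // digest equals this advisory's digest for the architecture
	Verified bool // the cluster-version operator verified the image signature
}

// checkReleaseImage reports whether the cluster described by cvJSON has finished
// applying the 4.13.1 release image from this advisory. A Partial history entry
// is not enough: the fixed components are only all running once it is Completed.
func checkReleaseImage(cvJSON []byte, nodeArch string) (ReleaseCheck, error) {
	if a, ok := archAliases[nodeArch]; ok {
		nodeArch = a
	}
	want, ok := advisoryReleaseDigests[nodeArch]
	if !ok {
		return ReleaseCheck{}, fmt.Errorf("no advisory digest for architecture %q", nodeArch)
	}
	var cv clusterVersion
	if err := json.Unmarshal(cvJSON, &cv); err != nil {
		return ReleaseCheck{}, err
	}
	// History is newest-first; the first Completed entry is what is running.
	for _, h := range cv.Status.History {
		if h.State != "Completed" {
			continue
		}
		d, err := parseDigest(h.Image)
		if err != nil {
			return ReleaseCheck{}, err
		}
		return ReleaseCheck{Version: h.Version, Digest: d, Patched: d == want, Verified: h.Verified}, nil
	}
	return ReleaseCheck{}, errors.New("no Completed update in ClusterVersion history")
}

// Constructed sample, not real cluster output: an x86_64 cluster mid-update, with
// 4.13.1 still Partial. The 4.13.0 digest is an all-zero placeholder.
const sampleCV = `{"status":{"history":[
{"version":"4.13.1","image":"quay.io/openshift-release-dev/ocp-release@sha256:9c92b5ec203ee7f81626cc4e9f02086484056a76548961e5895916f136302b1f","state":"Partial","verified":true},
{"version":"4.13.0","image":"quay.io/openshift-release-dev/ocp-release@sha256:0000000000000000000000000000000000000000000000000000000000000000","state":"Completed","verified":true}]}}`

func main() {
	r, err := checkReleaseImage([]byte(sampleCV), "amd64")
	if err != nil {
		panic(err)
	}
	fmt.Printf("completed release %s (%s): patched=%v verified=%v\n", r.Version, r.Digest, r.Patched, r.Verified)
}
```

Against a live cluster, feed the output of the oc command in place of sampleCV. Only a Completed entry whose digest matches the advisory means the images listed under Updated Images are what the cluster is running; a Partial entry for 4.13.1 means the rollout is still in progress. If verified is false, the cluster-version operator did not validate the release signature before installing it, and the digest should be compared by hand against the quay.io tag list above.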
Affected Products
- Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
- Red Hat OpenShift Container Platform 4.13 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.13 for RHEL 9 ppc64le
- Red Hat OpenShift Container Platform for Power 4.13 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 9 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 9 aarch64
- Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 8 aarch64
Fixes
- BZ - 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
- BZ - 2183169 - CVE-2021-36157 cortex: Grafana Cortex directory traversal
- BZ - 2188523 - CVE-2018-17419 dns: Denial of Service (DoS)
- BZ - 2203008 - CVE-2022-41722 golang: path/filepath: path-filepath filepath.Clean path traversal
- OCPBUGS-11294 - [4.13] Missing metric for CSI migration opt-in
- OCPBUGS-11302 - Incorrect domain resolution by the coredns/Corefile in Vsphere IPI Clusters | openshift-vsphere-infra
- OCPBUGS-11336 - NTO: PAO e2e: profile update tests are flaky (time out)
- OCPBUGS-11353 - --external-cloud-volume-plugin for out-of-tree providers
- OCPBUGS-11387 - build regression on 4.13: ERROR: bash-5.0.11-r1.post-install: script exited with error 127
- OCPBUGS-11432 - hostpath and node-driver-registrar containers are not pinned to mgmt cores - no WLP annotation
- OCPBUGS-11775 - wait-for command doesn’t handle installing-pending-user-action
- OCPBUGS-12363 - structured logs are borked in BMO
- OCPBUGS-12461 - Improve telemetry epic (ODC-7171) doesn’t work without PrometheusRule (4.13)
- OCPBUGS-12722 - Wrong cleanup of stale conditions from OCPBUGS-2783
- OCPBUGS-12770 - Create BuildConfig button in the Devconsole opens the form in default namespace
- OCPBUGS-13082 - Root device hints should accept by-path device alias
- OCPBUGS-13083 - Assisted Root device hints should accept by-path device alias
- OCPBUGS-13085 - hypershift_hostedclusters_failure_conditions metric incorrectly reports multiple clusters for a single cluster
- OCPBUGS-13086 - Bootstrap on aws should have same metadata service type as on other nodes
- OCPBUGS-13127 - EgressIP was NOT migrated to correct workers after deleting machine it was assigned in GCP XPN cluster.
- OCPBUGS-13138 - 4.13.0-RC.6 Enter to Cluster status: error while trying to install cluster with agent base installer
- OCPBUGS-13150 - EgressNetworkPolicy DNS resolution does not fall back to TCP for truncated responses
- OCPBUGS-13155 - CNO doesn’t handle nodeSelector in HyperShift
- OCPBUGS-13162 - Rebase vSphere CSI driver to 3.0.1
- OCPBUGS-13170 - Routes are not restored to new vNIC by hybrid-overlay on Windows nodes
- OCPBUGS-13222 - NTO profiles not removed when node is removed in hypershift guest cluster
- OCPBUGS-13312 - Failing test [bz-Machine Config Operator] Nodes should reach OSUpdateStaged in a timely fashion
- OCPBUGS-13321 - collect-profiles pods causing regular CPU bursts
- OCPBUGS-13410 - ‘vendor’ root device hint does not work correctly in ZTP/ABI
- OCPBUGS-13427 - kuryr-controller crashes on KuryrPort cleanup when subport is already gone: Request requires an ID but none was found
- OCPBUGS-13497 - kube-apiserver isn’t healthy after a cluster comes up
- OCPBUGS-13531 - AWS VPC endpoint service not cleaned up when access to customer credentials lost
- OCPBUGS-13563 - [vmware csi driver] vsphere-syncher does not retry populate the CSINodeTopology with topology information when registration fails
- OCPBUGS-13591 - [TELCO:CASE] Limit the nested repository path while mirroring the images using oc-mirror for those who can't have nested paths in their container registry
- OCPBUGS-13598 - OSD clusters’ Ingress health checks & routes fail after swapping application router between public and private
- OCPBUGS-13683 - Yum Config Manager Not Found
- OCPBUGS-13692 - Failed to create STS resources on AWS GovCloud regions using ccoctl
- OCPBUGS-13731 - unusual error log in cluster-policy-controller
- OCPBUGS-13742 - [4.13] container_network* metrics fail to report
- OCPBUGS-13783 - [Hypershift Guest] OperatorHub details page returns error
- OCPBUGS-13828 - 4.13: aws-ebs-csi-driver-controller-sa ServiceAccount does not include the HCP pull-secret in its imagePullSecrets
- OCPBUGS-13887 - Verify that upstream gRPC issue #4632 (leak of net.Conn) is fixed in 4.13
- OCPBUGS-13888 - CPMS creates two replacement machines when deleting a master machine on vSphere
- OCPBUGS-13959 - [CI Watcher]: logs in as ‘test’ user via htpasswd identity provider: Auth test logs in as ‘test’ user via htpasswd identity provider
- OCPBUGS-1598 - Resource added toast always has the text “Deployment created successfully.” irrespective of the resource type selected in the form
- OCPBUGS-2290 - IPI for Power VS: Deploy fails when there are certain preexisting resources
- OCPBUGS-3160 - In some directories(under /run/containers/storage/overlay-containers/) on two of the Infra nodes permissions are rw for other user
- OCPBUGS-3166 - assisted-installer: pod creation fails due to violations of security policies in 4.12
- OCPBUGS-7147 - [Descheduler] The minKubeVersion should be 1.26.0 for descheduler operator
CVEs
- CVE-2018-17419
- CVE-2021-36157
- CVE-2022-25147
- CVE-2022-41722
- CVE-2022-41723
- CVE-2023-25652
- CVE-2023-25815
- CVE-2023-29007
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html
aarch64
openshift4/cloud-network-config-controller-rhel8@sha256:a8a083bf94d324298d570fdb2f7067d10ddaf6bdf96ede4945c817ec1b9f7a79
openshift4/driver-toolkit-rhel9@sha256:e3b2c3661fc51d56dea4b288ecf6b4280c29a0a46ca1ed90648844cd4b2072da
openshift4/network-tools-rhel8@sha256:e0070ff187413aae541143bbcdd98ea3547b1fc749bcc0c54d6f9953ba21690f
openshift4/ose-agent-installer-api-server-rhel8@sha256:10358537dac3f45ab842cc2ffe35866bba1b7c930037fae060c1dc56c208fd1a
openshift4/ose-agent-installer-node-agent-rhel8@sha256:cd69b10f89d87fa81dfe6e2ac09b6d952c9c3bb8d7552ced62a18b04d66752bf
openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:3fbd07f8ecd52c7bef5b8bd4ec4e83654e2be335449cac5f71f59df7edc8afeb
openshift4/ose-baremetal-installer-rhel8@sha256:b60762e60e1eb47785a3ccb5a60d2f520044ec90f74565919638b90b8465cdfa
openshift4/ose-baremetal-rhel8-operator@sha256:2fc16cab540d6cb1008fa99aa83b831e9c4d85d257c66a3a34f31f50b986e089
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:5f97520b10f86a28d5b198d974e4cd148e7a3d18c53c10467bf54a6743e164ac
openshift4/ose-cloud-credential-operator@sha256:ddc9042dde59db966bab9def6ab11c7986968556a17b9e27897344506633f3fb
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:f451d303bd0ba4e56ae48048af943bc67a4530f8b13fd484c115e4104a9df060
openshift4/ose-cluster-kube-controller-manager-operator@sha256:f087a29d2261c79f85c8442c06544cd699ef8bf2bd698984d716d89bffa4082c
openshift4/ose-cluster-monitoring-operator@sha256:70de2d055d862fd7a2f9e6a29c0a1ebe7af933f51fe904ea635bbef5946bc9d5
openshift4/ose-cluster-network-operator@sha256:72542ccff5beec131873aa274ce2171bfc24ae13e5dda4629a162c2b880ad788
openshift4/ose-cluster-node-tuning-operator@sha256:445f808683838bf3d52f48e1dc9a7b9747dbc8050e60807df3fba0de30368f20
openshift4/ose-cluster-policy-controller-rhel8@sha256:c52dac04634f3b6e0e5df9ef122a7205c9d78496eba1b17118d066b079258b93
openshift4/ose-cluster-storage-operator@sha256:79012e36ef25d2eda5e06a0160f20c3c705fab2ad7646231b6083c4485c23277
openshift4/ose-console@sha256:db078ea58c81349c6cf4284f89478caca202380e17b8f0d92b0f62f1b157e2d1
openshift4/ose-console-operator@sha256:9768db571b55355b7d9837ee949d8ecc24b6dd5cf5a6791f6a18986dff7c9e6d
openshift4/ose-docker-builder@sha256:73f9c9689b645518284bf8f7e38e30f4027a741f5e5e3155338ebcd84289d6c6
openshift4/ose-haproxy-router@sha256:aa21d034ad8f9eacd82430b1d602338954bd2b675f9e5352a0e2a1c6160ac306
openshift4/ose-hypershift-rhel8@sha256:d8ab925e0737e4617312eed891f9ce03b0c30ba35f505dbc81161f39bf410a29
openshift4/ose-image-customization-controller-rhel8@sha256:9d54f72cdecf6f49dd4c6a3621da4a8154ed7c12a020854037c6362d9beed56d
openshift4/ose-insights-rhel8-operator@sha256:86a3cb5b2f34d86e4e80129dbdba71def7b19a4e0f176d9995b7d74970c28876
openshift4/ose-installer@sha256:ca65cf989fe3ac749fe2da968efe17666a8e99d01a67a64a44add1ca70ea4187
openshift4/ose-installer-artifacts@sha256:93d5185727b5ab297285408f040c2f785813bb1a9585fd789685807222de5cac
openshift4/ose-ironic-agent-rhel9@sha256:382756b46dd63f69328fb752f02a1886d2d84720c906ac742f071b0ce93e1fa2
openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:524467abdf34ab8447a008113ec1148d8a8ae6b10eb61015cf86dcd732a1edf3
openshift4/ose-ironic-rhel9@sha256:d477d81bb4f5b9e3c4a3b167899f6b127e844bed3814c7402c22d27c126082e4
openshift4/ose-ironic-static-ip-manager-rhel9@sha256:a2d5cf9e6987c10ac0f8a4497af659204abe9e6b3f27557cb2c42f6b991e4f23
openshift4/ose-kube-proxy@sha256:51fd2302b258484c2c4ff770e735daca64011a23b98d324404dee05e0d3f3071
openshift4/ose-machine-api-provider-aws-rhel8@sha256:df06685f2adadf1e6c05af42023649cae5fbce85951a0cdde01e578527485a1d
openshift4/ose-machine-api-provider-azure-rhel8@sha256:29a2d122c8523b6a46cbbfa099c0cc6e2b9711208f078cd2fc60ea48c3a4e862
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:75788164bfe6c3d86302e3f72159347cd2542f11d7015d27dbf3c3ed417318d9
openshift4/ose-machine-config-operator@sha256:d8aa751be70891beff141bc442603b449237564dbc1748475ff34597731827db
openshift4/ose-machine-os-images-rhel8@sha256:58d4e6693f5eefded2d77ec4cb272123ad571e335e58f65987a9f9bc2e4a6227
openshift4/ose-multus-cni@sha256:c446c1482d281f84311be5d7dfd01bcba63c817a8fc3d7c810395fa93944b667
openshift4/ose-network-interface-bond-cni-rhel8@sha256:6b71380b9e67b7118fa0d8af172c2cabd08849d2c41c9059e8b8462784b66d7c
openshift4/ose-operator-lifecycle-manager@sha256:dd41ada14f36c0ff5a296340cc24577c0f4e8df3580ec761d3fb7dfab984a86e
openshift4/ose-operator-registry@sha256:834338aa3ea15508b5fff758447cef018315333d6527d597e3bfdbd1f4ee744d
openshift4/ose-ovn-kubernetes@sha256:56e0582b8e9a22474c1f21cf278c2987392bbbe2ac84488868113f09fbef50dc
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:82ed057680997519cd3c09f2751c9dd7f2c377eb440afa5dec258b5bf72f64be
openshift4/ose-sdn-rhel8@sha256:9c8c599435d6fa4bf92ad00d0498a8dde0d350491da5461979b9af207dc8df8a
openshift4/ose-tests@sha256:7a7024921d1d090718c44269fb6ce3cb1d7b3305b0ec3cf71dfa3e07db97e832
openshift4/ose-thanos-rhel8@sha256:1941b25715ba6b6b21076076ed405a363aeaa138f13e952973e2ca2c45cbf50b
openshift4/ose-tools-rhel8@sha256:bcfa1a51ca65c08573582fef93c3894cddd224309d7319f60883a2a06002b874
ppc64le
openshift4/cloud-network-config-controller-rhel8@sha256:21dbf78a949e8b4cb2a8275820ff850d26817ca6809d9276128c8656221f1c85
openshift4/driver-toolkit-rhel9@sha256:afe7c4ffff3b1cd25d6af9c8bd7268e66203affc3dd4bbaf6a2e50bff6f3df9f
openshift4/network-tools-rhel8@sha256:0bf13808d525a1abcdbf8d74af868551ca196d9141e799d325cbe955170b5074
openshift4/ose-agent-installer-api-server-rhel8@sha256:3a0b9b9e484a3b5eb3133116e5bde9b632a8264523c6c677ff7c375b41a551ca
openshift4/ose-agent-installer-node-agent-rhel8@sha256:55fcafa328306145fb515af001c4a6b1424e61e77f7598a738670e8e08ca1226
openshift4/ose-baremetal-installer-rhel8@sha256:e1918416621b741720e6d2f5df0490b2d042ed661bd1234109a4e160a1668af8
openshift4/ose-baremetal-rhel8-operator@sha256:3f36b4379c06ed8e3626f0be0c1d8186fdfbb658b11a95ebfe1cf8fe5c959dd1
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:eea29e0ce0ff53fb6f23bab89a195f559539a37d397621ab41fe1c0170e5a9f8
openshift4/ose-cloud-credential-operator@sha256:cb280f78a5b6333d0a4923fdf43734b9379102a8d2352f549ef4bd448e609400
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:f681c5158364c3babd310f6866b6318aff478f2e5e38b750bf2e2c8d6db63e17
openshift4/ose-cluster-kube-controller-manager-operator@sha256:a01b33371c7c10d5593645855b283722c32a9b178e48ce6cde707211517e6dc9
openshift4/ose-cluster-monitoring-operator@sha256:eded9229f99cee3db22befbc11deae8271f43f8bd74a072dcbe164ad64fc6456
openshift4/ose-cluster-network-operator@sha256:3363914463cc708d686c8d794a64907c788ddf3cef87eb4c6f24a56c9c8f628f
openshift4/ose-cluster-node-tuning-operator@sha256:99654e4b61e8e87096687138366408f1e7d9ae2eb8dd846dd151475788e814fe
openshift4/ose-cluster-policy-controller-rhel8@sha256:851bc6b555bb8adaca78192ffb924352fde3e9d2f230f53801f891ae618d6a35
openshift4/ose-cluster-storage-operator@sha256:09a9d7c8166c50b93f41fd8f4f94a7294ef9b46e4b493d9bda5349468d6419f6
openshift4/ose-console@sha256:ab9ad7906b54f0a6e735ddeaf50de00d513d60b3109c254ec4d9bcede8f80f9f
openshift4/ose-console-operator@sha256:253e9fd5f21dc77f296daba1520cc9a3f87a7a4f0724d0a72cdcb5299d8299db
openshift4/ose-docker-builder@sha256:88cd3ad9117ffe5277cfc3822e01f371df0cb15d502fbddb7c33a940558f08f4
openshift4/ose-haproxy-router@sha256:a9a4d35f1ed78aeb8a216d305f12601997162753504366a2b11126642db6f287
openshift4/ose-hypershift-rhel8@sha256:25aa2253fb3a7bd8d9968a68c6a1589fb716677d529702474f27b971835ac46d
openshift4/ose-insights-rhel8-operator@sha256:69a2681a434b1adae07cc8515cae4c3379964b4bc8c0b8bc03a2340e01826c49
openshift4/ose-installer@sha256:2faae53ba6da28c1fe649fd9e62163c56ec0af6c6541b85263b129514b1f5942
openshift4/ose-installer-artifacts@sha256:6b888b745fa1d15441464cf8eedbe583e8b144ff70aefa08530ff27c7b9712ab
openshift4/ose-kube-proxy@sha256:c8eec34f340fb42d4edf6d640872c4f7b780fa8481913fc13ffcadbb172c2d8d
openshift4/ose-kuryr-cni-rhel8@sha256:1c2e5a7979f8cadd8384233946eebe9ffda66768083972a2db1b0db33365603d
openshift4/ose-kuryr-controller-rhel8@sha256:74df4b74d30e12bf9f0268539ab20dee2cb80b2220da9ab20172c6dd7da3becd
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:c0452a5a6db9197fd69fb0bba10d86cd9cd8217e68488d6a8b2f52d6a6eec83a
openshift4/ose-machine-config-operator@sha256:bc12d57f1bb51c19e913dd0cdfbff2f1e7a3b8296ff52184d7ebcf7498630e5f
openshift4/ose-machine-os-images-rhel8@sha256:b01240dc90cc81787563e00a4da1daeb84fb95b23cbf677479b4f5097cf038a5
openshift4/ose-multus-cni@sha256:fc8b19f8ba1b8436f6b3fec8327369c99ca1d576a31067e1d8d7c50215dd37f1
openshift4/ose-network-interface-bond-cni-rhel8@sha256:b897fbb953fd6113a96a5233bca6a04ba06ce77c5576d61bdb068838dc36d445
openshift4/ose-operator-lifecycle-manager@sha256:6f32d504882f1f86ad6cedab95bc7485416e9d6e8c4c88c3ab2b36512d8c6abd
openshift4/ose-operator-registry@sha256:6107958c363bc5489a0b25c5bfb5a9352bd510f4a3b77da6f725b04580f9d491
openshift4/ose-ovn-kubernetes@sha256:7fa552fbe2fba3c018a95ae17e1ad016038577259a91d97472828e1fe5d88dbb
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:37ae592ded0d5a2a4e904f0af246e047e4d2645d296dfeeffe7624675f75ead1
openshift4/ose-sdn-rhel8@sha256:1d112d766ad14235eaa0dd641830a26b712d7217dfc1b74cf55107148fcde481
openshift4/ose-tests@sha256:38c0281b2c3a0a5c0bd76d516858f72c78a4a066a0018fa8b3b5546b6f773a2e
openshift4/ose-thanos-rhel8@sha256:b22684a6f645be0109d98b851ab5b2bf6367b42c71eb85dd3d7b71fb8a475acb
openshift4/ose-tools-rhel8@sha256:3d548e103062ef896f219fa712e9136b4c8194aba3d8e88992e4ba9025810016
s390x
openshift4/cloud-network-config-controller-rhel8@sha256:8d60869ea639ff11289c968aa72b04e375e5c0617fbbcce5055c29fa8a950d42
openshift4/driver-toolkit-rhel9@sha256:d9d93761986da3428ad4e9358ba6eff57e165e78feb61517274e16466616161f
openshift4/network-tools-rhel8@sha256:7339582b8bdf73b370a730b070b1ab6ef78aede0a6abc5cfa457207f4f330fde
openshift4/ose-agent-installer-api-server-rhel8@sha256:a6416cc5df0daff1955c278bfff158753ab91550893dd5f6c9ed1eae3edc1fc1
openshift4/ose-agent-installer-node-agent-rhel8@sha256:efa3abda7dfbc249c451ef3402ec794f18c7ffa6d0578d8aa4632dc5b81f0112
openshift4/ose-baremetal-installer-rhel8@sha256:1a4f777963acf754bd457982b4a95a24b3779bb87a019a3ee252b33abb1c20e7
openshift4/ose-baremetal-rhel8-operator@sha256:d9d22ac5ffb15d27ca4c0f96645626fb142b08f7957cadbc487137915c5da97d
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:e34c08b972477b687623be6fd35c57608d73aef50160f5707e8d4ac2212fd26d
openshift4/ose-cloud-credential-operator@sha256:a6fec69da743ebbab3b166f7aea5aaba20d50e552c2e3017fc3220672fb2d123
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:66df678886e7d5ab2f96beb3d487bace4a5a0012dbbc8c7659f368a5f58cfcf6
openshift4/ose-cluster-kube-controller-manager-operator@sha256:a8ed8862645e2a040ff72ce263fc82dea3d5571944deab8501e6e53ce15858df
openshift4/ose-cluster-monitoring-operator@sha256:a2d4330ccbb6c0525736670f287f542c92b6d7e134a4cebfe7f615e3f9e9089a
openshift4/ose-cluster-network-operator@sha256:b80010e0de3e7917f6db4661d70b41f156ab531fd969d728e734a2e08fc5a221
openshift4/ose-cluster-node-tuning-operator@sha256:9a5eb8c40da4faf9e923949e6e83d4ea8dfeac1569e7ea8774307994e02f90c2
openshift4/ose-cluster-policy-controller-rhel8@sha256:c5573e302168757b097d947ee3d84fd3c706347cf35936f4dc3bd01238b994af
openshift4/ose-cluster-storage-operator@sha256:72afc43c46533f871050c20e4f38725fb80ff59eae9e538d43d9e7464456fba3
openshift4/ose-console@sha256:1431ffb94c19fe14abb9d82f76db50109918947d6e5045e02bb467f686d3b9a6
openshift4/ose-console-operator@sha256:17ab10907e0fef5875b218031930e1debb2de13ad06df0a4e988f5294e286de4
openshift4/ose-docker-builder@sha256:71c9bc076dc3a3d1cbc4752a415e0f3ac520df91a3a44a793b02ae48acd57223
openshift4/ose-haproxy-router@sha256:2216f66f2e8ddd2f1e4d736a9781517fc949beb9cd33d0e50df81e2f323f730c
openshift4/ose-hypershift-rhel8@sha256:8bae9eb57a9d0911f83f61e8b1e856c362b71d5434fd96ce755d09e3f452c211
openshift4/ose-insights-rhel8-operator@sha256:5713465f03e73dc8473f310b91814128b0d03e6cb37f5fafcf58686797c91cc4
openshift4/ose-installer@sha256:eef91eff8af48314bb565d61f35bd1b5a35fd062a275b27f2c15307c13ef3435
openshift4/ose-installer-artifacts@sha256:553de7d8df8f9c4c6eacb68cc20b8e1516b82c16b20508e369b1e742dc9484b8
openshift4/ose-kube-proxy@sha256:0e58e6beae7317881bedf2bf2174e46b256ff50b7605fee48f4595b8b5730271
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:2fb9e44c37fc204fb27a6e826f91d67e02f46c374f8a023a15ea33590060d712
openshift4/ose-machine-config-operator@sha256:afdcb09fa50634dfb596726e03610af4c0fbb7395a2d54e5c104461618f71b07
openshift4/ose-multus-cni@sha256:311a67dfe763519e8e4b7e367787ad4ff0a6bfb2be79d354143027791b447c0a
openshift4/ose-network-interface-bond-cni-rhel8@sha256:2e9a495442a744149412ae6a0c0ec2dbf30da4a6717fbc75a5acbdbdca5d98be
openshift4/ose-operator-lifecycle-manager@sha256:2703e893d13709d9bb11aeabe3aa45a39d6598a582a982cdb7e8bb58cb445c6a
openshift4/ose-operator-registry@sha256:444c667ecf52ebbf7a332a9f0e93b1ea697a23eaa7a94972df4e5168942cf633
openshift4/ose-ovn-kubernetes@sha256:78f480ccdb5f018d13a4a4325a9e418d9b93e795e04dcad96634093a74250c8a
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:16d5ea95584d5a91adfd19471e4be007ebf3c31d1fa0e5e83a9fd22743e6303d
openshift4/ose-sdn-rhel8@sha256:bd0b7c844a2cd139ec59c08fc96421523f5f1141b357b94674bbb3ad5520500d
openshift4/ose-tests@sha256:9b03ee4d2f53aa4e0fc4d5b07a96b35479e1a92aa736cb1e0d723e2f166be2c5
openshift4/ose-thanos-rhel8@sha256:df18d2f93a1b2397a39053176061751f79ac299af86b28ccfbf8492aa3198bac
openshift4/ose-tools-rhel8@sha256:4c238c62dc8beb625d36527462fc9f22c8337dd93f0e87faf7e86f043b96a9b6
x86_64
openshift4/cloud-network-config-controller-rhel8@sha256:efa9f004b443436c6b0d0f53232db36a1e7581337733e09279f7c3ac0f804df6
openshift4/driver-toolkit-rhel9@sha256:e2f73efc226ca0e0fae21bec6371d813abf5b568615b39c77edc86bba8ebf736
openshift4/network-tools-rhel8@sha256:45596cd819a80a7b8448422476b902046d74cc4b5d8235514e0094d0396589ae
openshift4/oc-mirror-plugin-rhel8@sha256:cb13e29cf535cc082373527f427d88b3628fe647e748184e8641c140b84b51a6
openshift4/ose-agent-installer-api-server-rhel8@sha256:6a6bb6f9a57bc5484a3c3e3223606719c963b9939b07d40c2c7eaccf97ce6a20
openshift4/ose-agent-installer-node-agent-rhel8@sha256:2e1b327b96ce3b897f25133b0d119fbe671e499dee2483e72f5953cc85947a06
openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:d4b2e0682d15ae445a112765eecb7ca5ec7bc3b8e86aea2e58ccde62f76400c8
openshift4/ose-baremetal-installer-rhel8@sha256:15aa989d3131186367f893d88ccc4eeb13ec246fa3536268d9d9bbc22c996d3f
openshift4/ose-baremetal-rhel8-operator@sha256:4904bba4e616bec3a9897d84d31bcf72ad0c8ca666a39cf35468f34c3e97ad6f
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:8e5e8f1f0d606cf3f9f172a5cb8361c9f16334a61417eb5cbd944c4453555192
openshift4/ose-cloud-credential-operator@sha256:e23fa02ea69afc858583ff62cae4c5ced7138405187c382b2af22641c6ce5cc8
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:8fd34d440179c9ea6dcd3a75626774d346991979d74f28505d8e5a68c4e44119
openshift4/ose-cluster-kube-controller-manager-operator@sha256:1db3816b9913b2ba3d6f2b83790d62133b6d4621f2552168c2a476a3c29295a5
openshift4/ose-cluster-monitoring-operator@sha256:71c72e774a1e3fd637ce19ba439cacb3af66ce73664852ff82ef7410deb2d3e5
openshift4/ose-cluster-network-operator@sha256:2b41f97467c8b824f9e9e3bc8ced0c014665aafa1fce786273a5b45af48023d1
openshift4/ose-cluster-node-tuning-operator@sha256:37b455efcf16c9664dd6eeb0e76c445e5f6f525d6313ffacf87926ea2c921cf7
openshift4/ose-cluster-policy-controller-rhel8@sha256:43713b6d990c3960ad25d33b3e03881f8d959c57c9fcbdcc49a65d2840e63fcc
openshift4/ose-cluster-storage-operator@sha256:0669d0955f242837f9e59275d654ed470a247a357716980eb51bf8545e7ec61c
openshift4/ose-console@sha256:64c815dd76d5aac1cbea5090284c723e364b1c2ae5c2955e995a82b1448edd8a
openshift4/ose-console-operator@sha256:8c9744d8d9c30bec14b916f27a1b12a599c87e8e155436aafdc36a3d7ab64c44
openshift4/ose-docker-builder@sha256:ec47376341111093ca777e0c569087cb10cce021ffa001a808c15cd0f4213650
openshift4/ose-haproxy-router@sha256:7f755f27f5d363577d621ca03ac7de209af9333112a5daa9b4c2efd3448ed3ed
openshift4/ose-hypershift-rhel8@sha256:132d4697a4806197a9a79a1fa2a1664f2e0ca962d5be44a8a4f42ea9a0ce4b88
openshift4/ose-image-customization-controller-rhel8@sha256:55dd95d718a8c845d30a5b377874b5d8cf40ac81f0f30e4d92c7b8474fbe49fc
openshift4/ose-insights-rhel8-operator@sha256:11910f4002078c50696d8d60c70d36f0172e38deee4911552905e7bd8842ac90
openshift4/ose-installer@sha256:ea059543c15fffe1de9ceae270eb1ecb19fea21120c8a4bc0994f94e7b43b2a3
openshift4/ose-installer-artifacts@sha256:f8d1cf2e122f0c6b33d7d1acc56751812297c59824a27414e982ce8827079983
openshift4/ose-ironic-agent-rhel9@sha256:166a48114eeb1653d9d577daceccf79b3f1763d80f33b2aca5cb1c471b479b9d
openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:172c5f9425cad2e1014c9f217316e0e373d8f4e671c1486d67b60348fe849fa7
openshift4/ose-ironic-rhel9@sha256:a96507aebf11e327d0e8e6a27ddf590f2680e599ba93ad78d24c48808f9f762b
openshift4/ose-ironic-static-ip-manager-rhel9@sha256:c483637d8fb0530e235d33508bba9b03b5db8ec4aeab458c70e859af96f0ebc4
openshift4/ose-kube-proxy@sha256:2a122d37b44e90bfca44f72b634b2a505281733d90c0297e1f0dbd95bc83f723
openshift4/ose-kuryr-cni-rhel8@sha256:cb57374e1b248f2b396265cbd278dafbe9784c826c48f7cb8382952a4a44f542
openshift4/ose-kuryr-controller-rhel8@sha256:e459d8e8d643e12eff791ddb4d0dfbfc467cc766732a671cc68a78ef92071516
openshift4/ose-machine-api-provider-aws-rhel8@sha256:a2915103c2adc828f455549c54798832de57d5fd9bcdf2a260a13e8820142a5d
openshift4/ose-machine-api-provider-azure-rhel8@sha256:aa10a1190028993bc448afdf808e246a42321ab9214b3f3e51e7b3136e308f1f
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:40106fa677a767a05f6906722fe3ba8403cf95e0b45868e98970c706bf4d889a
openshift4/ose-machine-config-operator@sha256:2b51ee0cdfa5827686d432f430996b5abeee51e88e6a9c7eddc436b9d5fab850
openshift4/ose-machine-os-images-rhel8@sha256:c842f162eef66e3799c8fb2be5c1f903ec26fe59e8f436cd7b73244c7452190e
openshift4/ose-multus-cni@sha256:c6064201c9fbb6082b3582f713340473b67e5f99a14ff402d2544227081b5d8a
openshift4/ose-network-interface-bond-cni-rhel8@sha256:46e996effe05518a483c4a04e1b076beb1c6a83890127dad1fd384689dffcfa9
openshift4/ose-nutanix-cloud-controller-manager-rhel8@sha256:042e19cf972ed52c41bd7acce60c9acdb0412c4c6173a64cb00decc11197c169
openshift4/ose-operator-lifecycle-manager@sha256:5980275a012e8215267aa092361125a024eebe6b7e57ca4f438e9f1b41a80703
openshift4/ose-operator-registry@sha256:7c92f921f0e7580148fe229bfbe3241e1f43377b3887d69758453ff0d8ad5833
openshift4/ose-ovn-kubernetes@sha256:6054e99f485317db34c2b0c7b1acd77d96a4e5ada2d6b1abec11ba77576acbb9
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:3a6a814546994be95c03d3d9cbebeac87133f6df0b3fd1138269d1aee251ba20
openshift4/ose-sdn-rhel8@sha256:6c6ae841c2f4da5eee741b7b26b035457912ee7936d155e9355ff661b4dbb2d7
openshift4/ose-tests@sha256:e9ebfd15282a27b75e370e5c2d955d1d03fc6c8bbebcecbd073aac94948b9b33
openshift4/ose-thanos-rhel8@sha256:442ec723e6b4a75cc700caa85942e535db82edb386f1c232af7ee375898b8f27
openshift4/ose-tools-rhel8@sha256:c78119666287fe2b9e01b2a0b85e9aee5291d00e65761f655170346156cb413f
openshift4/ose-vsphere-csi-driver-rhel8@sha256:a9e84b7bc3024f1b51757eae17ddcaee59195a80b8b4d606d690842c777059a8
openshift4/ose-vmware-vsphere-csi-driver-rhel8@sha256:a9e84b7bc3024f1b51757eae17ddcaee59195a80b8b4d606d690842c777059a8
openshift4/ose-vsphere-csi-driver-syncer-rhel8@sha256:d1cbf2f2fab99b2e2daa722b1fa35d66d071e4f45399c931e7d90ea4bf0c5eab
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-4677-03 - Red Hat OpenShift Container Platform release 4.12.61 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-3352-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.2. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0198-03 - Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2023-6251-01 - Red Hat OpenShift Virtualization release 4.11.7 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.
Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.
Red Hat OpenShift Container Platform release 4.13.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
cert-manager Operator for Red Hat OpenShift 1.10.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specia...
Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.
Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server c...
Red Hat OpenShift Service Mesh 2.2.8 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modu...
This is release 1.4 of the rpms for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the gol...
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. * CVE...
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Red Hat OpenShift Container Platform release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.
Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...
Red Hat OpenShift Container Platform release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...
Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.2. Issues addressed include a traversal vulnerability.
Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.13.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms...
Red Hat Security Advisory 2023-3447-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train).
Red Hat Security Advisory 2023-3445-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include a denial of service vulnerability.
An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3360-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. "apr-util" is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...
An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encodin...
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbo...
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1325-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
Ubuntu Security Notice 6050-2 - USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths.
New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images are now available. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption...
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2990: An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has d...
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in ...
Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3146-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to perform arbitrary configuration injection.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.), this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After the fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input sanitizing in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.
Ubuntu Security Notice 5870-1 - Ronald Crane discovered that APR-util did not properly handle memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode.