Headline
RHSA-2023:3363: Red Hat Security Advisory: OpenShift Container Platform 4.10.61 bug fix and security update
Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a remote attacker can cause the application to crash.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-06-07
Updated:
2023-06-07
RHSA-2023:3363 - Security Advisory
- Overview
- Updated Images
Synopsis
Moderate: OpenShift Container Platform 4.10.61 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2023:3362
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
- dns: Denial of Service (DoS) (CVE-2018-17419)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Solution
For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha values for the release are
(For x86_64 architecture)
The image digest is sha256:e5eb60f6b35acafb3fcc9648d5a812f41df4645d4f345322ecf709a450004cef
(For s390x architecture)
The image digest is sha256:0a118768fe192c70e62278457c7f9d5e9e93f4b0ac131058ff52a916e80301e0
(For ppc64le architecture)
The image digest is sha256:38ddabb4097428af30338bb380a4845a1d69d720a01745595d543762227572c2
(For aarch64 architecture)
The image digest is sha256:d2b1c47c127ece382c81c2c000e5ad356657af3894d610b193a4051ba259bf92
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Fixes
- BZ - 2188523 - CVE-2018-17419 dns: Denial of Service (DoS)
- OCPBUGS-13358 - Project Access tab cannot differentiate between users and groups
- OCPBUGS-13654 - [release-4.10] Bump Jenkins and Plugin versions
- OCPBUGS-13722 - redfish-virtualmedia mount not working
- OCPBUGS-13729 - redfish-virtualmedia mount not working
- OCPBUGS-13831 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column
- OCPBUGS-13847 - Failed to create STS resources on AWS GovCloud regions using ccoctl
- OCPBUGS-6692 - [4.10] Lazily unmount /proc/cmdline
CVEs
- CVE-2018-17419
- CVE-2023-25652
- CVE-2023-25815
- CVE-2023-29007
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
aarch64
openshift4/driver-toolkit-rhel8@sha256:3c43f14eed3bd5daca19630c17959f117369fbc57125e23439075fe9348cdc52
openshift4/network-tools-rhel8@sha256:d6c7f9537af5e29a7ff420e21a303478d20c2068ae7868cdcf9aa5f0be595924
openshift4/ose-cloud-credential-operator@sha256:385af03ffe39b5c1e0edb51247763cd983c71b0b567d9386237edc7253ac67f2
openshift4/ose-cluster-node-tuning-operator@sha256:46dab3c9741ed94f39eea063f8a7ce4e47c8fb5c0bc154caa7ff282da67034d3
openshift4/ose-console@sha256:aea7068546d1b370a73eb71cdc724ef9f18251aec91249f6d78e6cd1e78305f9
openshift4/ose-docker-builder@sha256:77b61f1cfe886523efbc33439ad37b75f67b224f2f2543f0eb1624890d6914cb
openshift4/ose-haproxy-router@sha256:d91b65b5e1e8ab267273aa91d1489c63ca392f32f9571ceeea4701f00774dd4d
openshift4/ose-jenkins@sha256:aedc2e1d0de0b20bed35f743971fb68160f99cd45fd18a1e715ab0e65b59b8d3
openshift4/ose-jenkins-agent-base@sha256:140957d47f979f7f6f25a4549169af6e85770c8bc83bf454bc9f8c4c6374bd95
openshift4/ose-jenkins-agent-maven@sha256:3e41cc64331d5cb9e64f494b089345cbfa5c02ebd378b5d94a60ce31f29f2325
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:e47e325007a8001232c15615db59737084380fb752636f7f3880a68cbb74dac3
openshift4/ose-kube-proxy@sha256:3ec5a169ad8b884e355ce0e97a90e982c6e5a69f7ac2211df300119ace20a943
openshift4/ose-machine-config-operator@sha256:4d4e99811970809725f16420d125e2c4d812360804b56628d3d1b6da003fadb7
openshift4/ose-sdn-rhel8@sha256:74fcac3aabd5df51f9b3b693196ab1110b7e85b41114d5d14b04ef2e9575835f
openshift4/ose-tests@sha256:036747a5d44aa06569e793c2faaba63a972b2c5830c74615f2645a36cbd87cc8
openshift4/ose-tools-rhel8@sha256:39b92b015c18c0801fef842ad9ef5dc30108f03f59dd473375c48092e87f5e4d
ppc64le
openshift4/driver-toolkit-rhel8@sha256:fa17d0211da4cd731549babb12d8abb254fa6d1a64e9631eb0b66ec2299b0731
openshift4/network-tools-rhel8@sha256:9d4202afaf51dd4f85a50774fe911d812ff1b0c8993df9aef8aede59a2430cb9
openshift4/ose-cloud-credential-operator@sha256:f9961238d1132ba875caadf16558edbadb66830f3fb2f16abcdf8d42479796bf
openshift4/ose-cluster-node-tuning-operator@sha256:add614852b0f4e5d4b33bb774c3d33df5c05e8e3ee56e24dda24648305e37a74
openshift4/ose-console@sha256:574d55942a662d8ec8dfd32f760c9de6edd8803177fc327b7844ac712a44a908
openshift4/ose-docker-builder@sha256:606b26c97726458a0df90fc15090a681f65d3f87670162431e3859fb7104c35f
openshift4/ose-haproxy-router@sha256:470f6d52d7082bcc92cefafdd83281969e7ade7488672cf3d9cbd138ab10c47f
openshift4/ose-jenkins@sha256:c4596a925a409d3dbadc99cbd80e0185d7e372b7a7c88dccfed390fc7f857617
openshift4/ose-jenkins-agent-base@sha256:9d66f7ccdb4e60de989e79a4be9dabc8c54278a93b24c08d044f15dbcd00ef6e
openshift4/ose-jenkins-agent-maven@sha256:fc6059d045500c3a40ef736ba0b9582e8c9a56db02f56c3a0896ade33d70fda4
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:280a78596b7195ee2acef8751730b4dc8f8ca5772c3754cbc9a25b5284be13b6
openshift4/ose-kube-proxy@sha256:9e6decde23106f252351a263eacd52973397f25dbb757d0c733efd45b25fe2b2
openshift4/ose-kuryr-cni-rhel8@sha256:b8e3000c13ba56dde475dc57c2fe1f4b2e76b8a45fd55ea19e8c54cb7d6eec16
openshift4/ose-kuryr-controller-rhel8@sha256:126b6ce0da354baa85dd322d1f3091d0b8632e31f6c2df75002b489c998ac59c
openshift4/ose-machine-config-operator@sha256:da780edc53c67c32e96ad435213403e9ac10354ac559350f3969e1d7dd76ff91
openshift4/ose-sdn-rhel8@sha256:24e45489e7a49f168c9b390c5766db3d416149dd373c6aec7bafbef851fbf0a4
openshift4/ose-tests@sha256:ba19e4f41dd88c38e1e37fa64d4d106b4f9884fab5da3a17dca30ac17779f4b4
openshift4/ose-tools-rhel8@sha256:0abd1fb43f5f63cc75bdbd84085ed9effd0949438d7590f99e2b3a91d834c2fc
s390x
openshift4/driver-toolkit-rhel8@sha256:735ff2bad1e2a257de4342730127fde0f4ec58b681a1c418b9eb33b510c557f0
openshift4/network-tools-rhel8@sha256:5c69423ad24ae75df2415c0ff710ff98b50f49a5901e23f8a64e948fe06ce8d3
openshift4/ose-cloud-credential-operator@sha256:0af9b356fb8828a32b4d6777aa808f51b15ddeed7418282a6247dfa6e15be403
openshift4/ose-cluster-node-tuning-operator@sha256:9f4a3d8f1d5f0bb7d680dcae5fdd77135928f646c2471ea25e7e8b59359ce5f2
openshift4/ose-console@sha256:29c9ffa3c72b6c9554a0219a5e76beed3d4505bf5d085d4b54e5de8fc75e905b
openshift4/ose-docker-builder@sha256:2bb5397b8cb791e63d5dd7d84d5b6adab3d70fd0c575a21d249aaf86ccfb4c93
openshift4/ose-haproxy-router@sha256:7484f2aca52ca3bbf00b7c5d93eac80d0bf9928782ed45bfbe174d5883809538
openshift4/ose-jenkins@sha256:b37dae718613aa522fe601442084cf6147fa331425bf2dd081c1f729dff11397
openshift4/ose-jenkins-agent-base@sha256:0bb1158cff44f96f5671df79b6f83be04a3fd788ddaadeba8237c0e0dab7cc14
openshift4/ose-jenkins-agent-maven@sha256:29b3976c4e8bbe7eb5af7ec5b04475e6de3b25f54ab50a3b42ee38eff17a4565
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:65897b90e384b86a05d0c6b063b53253bcd32910116128e6f41383650d8fe19d
openshift4/ose-kube-proxy@sha256:f645fa40d6f09546dd45055373232de5ba65b8b21b582b71c7dcbe23c236c256
openshift4/ose-machine-config-operator@sha256:d86016ad5f8ce463a5e0addc36606969997ebd046f9b6a64c22c68f237b80bf6
openshift4/ose-sdn-rhel8@sha256:0b3335b09371e96d5c0231762b0092da7715f6fb437bf44bd18dca658a913852
openshift4/ose-tests@sha256:4e323ada04678c29820187db151ba0cfbe6c4a6ac96cb8dd191a477381c87b3f
openshift4/ose-tools-rhel8@sha256:9c7c92a7cc339769ccd31d8402bd05541cfa646b01e7b0031fd4ef2f9bc42e0d
x86_64
openshift4/driver-toolkit-rhel8@sha256:937c46ea0b52514c0c85285fbe3b6f3ad4dcab489bfb35063c72faa40b6c9b78
openshift4/network-tools-rhel8@sha256:b6e4cfd2cb4d6155f3f1ffb28948fdf5c1481420eabbe71723358cd0a22313af
openshift4/ose-cloud-credential-operator@sha256:204759f4f6c0a1d2b5aab40d8c561b8ac9493708684ec68f9172ee2e9eb2ede0
openshift4/ose-cluster-node-tuning-operator@sha256:aeeba7478b9c18c0cc13cdbdf6eb5e94e7207ff4dd94bab3195aa22cb0cf095d
openshift4/ose-console@sha256:f5c16f96b2d51d98f45f5eabd2c27825fc0a49b54db2248195e9e956e8fd5d0c
openshift4/ose-docker-builder@sha256:a272caa43d4c28de5a0f51eacb7319cfba2161e1e5b65f90bf9d09427fd66e44
openshift4/ose-haproxy-router@sha256:fe4b73782c89688e28a6646eb28960e19530ef6487aafb0d5d5f832a6b9b5ae7
openshift4/ose-image-customization-controller-rhel8@sha256:65a885db2c53d40ae811b323c040cbb8a2a530ad33022bc78f8de066ceb6790c
openshift4/ose-ironic-hardware-inventory-recorder-rhel8@sha256:6bbafdbaec6a844e8892c578d795b54e9547c1ed314aedc58fd350681ed0aaa6
openshift4/ose-ironic-machine-os-downloader-rhel8@sha256:c4e0001f782e11fb68e7d2929b5bb00c662a95b099bec454e866154645ef6f9e
openshift4/ose-ironic-rhel8@sha256:64c43b82f584a725ade83727a5a81e94b4b9036beaa7fa26876f28341c4dcab0
openshift4/ose-jenkins@sha256:636e2a177e974392c5a60d14df406a03d5d07c669ab765550da4301a683a20a1
openshift4/ose-jenkins-agent-base@sha256:686de6cbd585af0871050ae06f0b450650b32e9b0199265a73717a1c7322ea19
openshift4/ose-jenkins-agent-maven@sha256:acad8e666e55f83190064fa99ba6f1f1d3a8bcc6ba6eea5b988fa3af687d7749
openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:93162392eb675b820351d336e9cd88767c42777196ff33c0372493e4144139e6
openshift4/ose-kube-proxy@sha256:9c1de7afae9f98c78ef7cd4b91d7e109aa61c51989c868d12612f785d093ced4
openshift4/ose-kuryr-cni-rhel8@sha256:27bd16960c97093741cbdabc66ece25f10236ad67e36ebb2138b269a3a7f43ad
openshift4/ose-kuryr-controller-rhel8@sha256:6f05ef7e12879262fb616d8841bd6c22c197958ef4d2e0a479f7352d7b74d301
openshift4/ose-machine-config-operator@sha256:98ace988029c2bce97198bbb699391bc902a51c553edc29db1199c09bfe4a244
openshift4/ose-sdn-rhel8@sha256:4a99d7f7d5b59127feaf307d85c30171886f6d41823998602d7a244b453eda75
openshift4/ose-tests@sha256:8939019f31cbff787ba0f83bd4fca6edda9f66edfd8bd1b92ec798dbb57033ed
openshift4/ose-tools-rhel8@sha256:605e2802adfbce3ece8a5b6e7b7291ad5cd2ce3cc5c5500ba4bc13bccea131f3
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...
Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...