Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4674: Red Hat Security Advisory: OpenShift Container Platform 4.12.30 packages and security update

Red Hat OpenShift Container Platform release 4.12.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
Red Hat Security Data
#vulnerability#web#linux#red_hat#dos#redis#nodejs#js#git#kubernetes#aws#ibm#rpm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-08-23

Updated:

2023-08-23

RHSA-2023:4674 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: OpenShift Container Platform 4.12.30 packages and security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.12.30 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.30. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:4671

Security Fix(es):

  • golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64

Fixes

  • BZ - 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Red Hat OpenShift Container Platform 4.12 for RHEL 9

SRPM

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm

SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646

x86_64

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.x86_64.rpm

SHA-256: 58972c8e8820c98114b70be013aef4f13fe482f1be75705dbc16ce1b83395da9

openshift-clients-redistributable-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.x86_64.rpm

SHA-256: 72166540b49c654ee9cfacf8cef367425120b8d295d88c57482a1e22a63688d4

Red Hat OpenShift Container Platform 4.12 for RHEL 8

SRPM

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm

SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm

SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd

x86_64

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.x86_64.rpm

SHA-256: 5343b2147dd6122f9fe3b6aaad3b747943c0597eb7c13a2b07ebe3b1f4450c5a

cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.x86_64.rpm

SHA-256: 1ffc77174da19cad2b6ce99f562feaa684e2862e1c6e988fcc1c3574fd076ed8

cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.x86_64.rpm

SHA-256: f88b45cde47ce69c2857678fa70cce73ae08f529497c390a153f5314822504b5

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.x86_64.rpm

SHA-256: aa08ab8aab47806ae1afa2c8b36efaa8eb330906738f6850291d8e5f81cf704f

openshift-clients-redistributable-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.x86_64.rpm

SHA-256: 1d644654c028672b7d92eec16732536aa1f7f9ea89dc9cf4536b50ee127e94fb

Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9

SRPM

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm

SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646

ppc64le

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.ppc64le.rpm

SHA-256: 9153a79ffb0dc341cb2419c14bc856a11468d697037bedd40168cc4949c23cd6

Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8

SRPM

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm

SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm

SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd

ppc64le

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.ppc64le.rpm

SHA-256: c1b09e73c0017823d8c81efefebc48a55521ad0d9a598528d580c7f409b6be24

cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.ppc64le.rpm

SHA-256: 1ce60698d869cbecabc6dd026e59634259ce4236e0401e24d42e5e23a1541f62

cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.ppc64le.rpm

SHA-256: d76f558cb92b3126af795aee9e784c440d85cc08b63474394774133a64471ffd

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.ppc64le.rpm

SHA-256: b5db7f9f57cc33e7d505c9ee5b5728bd36a660a3a219d0fc372254cb39016c37

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9

SRPM

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm

SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646

s390x

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.s390x.rpm

SHA-256: ae6c07d342a6fc8852e5569a2f859de488434d3760b44ed390807cf2e7b0010f

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8

SRPM

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm

SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm

SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd

s390x

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.s390x.rpm

SHA-256: dbb3455f7508eabc9c92abc233ec2411deb2581170abab35aa5bdcd2ae76b7af

cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.s390x.rpm

SHA-256: d006a7be10403b3a28b335e5a609f055b13cf88c31f35b98db5580f05c3d29be

cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.s390x.rpm

SHA-256: f08d061dc3c231f4d4c4dea054593dbaa883ba65d2e9ec9f24d023e195c0dc0f

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.s390x.rpm

SHA-256: 990fb3f046644c31b857b885f6a7e372f482b803791a86db289e78d2cc160505

Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9

SRPM

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm

SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646

aarch64

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.aarch64.rpm

SHA-256: c0bab9c7f7e9a13b6a1b86eaeb79c10c6fe73cb6f2d609a24482987de55dac16

Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8

SRPM

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm

SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm

SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd

aarch64

cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.aarch64.rpm

SHA-256: 910c284f477e0064f70a6b36407005128ee26c4e96e1365d62d912a4f89af143

cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.aarch64.rpm

SHA-256: 6c8c760e5390787f69affbcc0a9db52d78a93d5c48f604f18a4f0c22d134afea

cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.aarch64.rpm

SHA-256: a03d3253bf9cf84ac08f6c731bda10acdb9cae7364828976cfc7839c6befc281

openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.aarch64.rpm

SHA-256: 23036f50f40c5bd96fa25da3a1dff589ce18f91269e30eac2b45fd158d4c82ae

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-6038-2

Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Red Hat Security Advisory 2023-4731-01

Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.

RHSA-2023:3642: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...

RHSA-2023:2167: Red Hat Security Advisory: grafana security and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy saniti...

Red Hat Security Advisory 2023-1042-01

Red Hat Security Advisory 2023-1042-01 - Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.

Red Hat Security Advisory 2023-0708-01

Red Hat Security Advisory 2023-0708-01 - Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

Red Hat Security Advisory 2022-8634-01

Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

RHSA-2022:8634: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components i...