RHSA-2023:5407: Red Hat Security Advisory: openshift-gitops-kam security update
An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-37788: A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker to crash the goproxy server by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*".
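As an added illustration of the input validation at issue (not code from goproxy, Red Hat, or the upstream fix), the following Go middleware rejects the asterisk-form request-target for every method except OPTIONS, the only method for which the HTTP specification defines it. The names `rejectAsteriskForm` and `statusFor` are hypothetical, and the requests are constructed in-process.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// rejectAsteriskForm (hypothetical name) wraps next and answers 400 to any
// request whose request-target is the asterisk-form "*" unless the method is
// OPTIONS. Go's request parser accepts "*" for any method and hands it to the
// handler with URL.Path set to "*", so a custom handler must validate it.
func rejectAsteriskForm(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		asterisk := r.RequestURI == "*" || (r.URL != nil && r.URL.Path == "*")
		if asterisk && r.Method != http.MethodOptions {
			w.Header().Set("Connection", "close")
			http.Error(w, "invalid request-target", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the guard in front of a
// stand-in backend (which always answers 204) and returns the status code.
func statusFor(method, target string) int {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	})
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(method, target, nil)
	rejectAsteriskForm(backend).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample requests: a normal path, the malformed target
	// described in the CVE text, and the one legitimate use of "*".
	for _, c := range [][2]string{{"GET", "/"}, {"GET", "*"}, {"OPTIONS", "*"}} {
		fmt.Printf("%-7s %-2s -> %d\n", c[0], c[1], statusFor(c[0], c[1]))
	}
}
```

A guard like this is a compensating control in front of a handler; the remedy for this advisory remains installing the updated packages listed below.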
Issued:
2023-09-29
Updated:
2023-09-29
RHSA-2023:5407 - Security Advisory
Synopsis
Moderate: openshift-gitops-kam security update
Type/Severity
Security Advisory: Moderate
Topic
An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenShift GitOps KAM is the OpenShift GitOps Kubernetes Application Manager CLI tool.
Security Fix(es):
- goproxy: Denial of service (DoS) via unspecified vectors (CVE-2023-37788)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat OpenShift GitOps 1.10 x86_64
- Red Hat OpenShift GitOps for IBM Power, little endian 1.10 ppc64le
- Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.10 s390x
- Red Hat OpenShift GitOps for ARM 64 1.10 aarch64
Fixes
- BZ - 2224245 - CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.
Red Hat OpenShift GitOps 1.10
SRPM
openshift-gitops-kam-1.10.0-34.el8.src.rpm
SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750
x86_64
openshift-gitops-kam-1.10.0-34.el8.x86_64.rpm
SHA-256: 1454a75e8bf67dfadd11ce5eddda42268af3358205ecb35e41e084ae103552bd
openshift-gitops-kam-redistributable-1.10.0-34.el8.x86_64.rpm
SHA-256: cff736b1315ae7a3da402afa1bb34c848565b9369d76fd285d5a4811d33b43c2
Red Hat OpenShift GitOps for IBM Power, little endian 1.10
SRPM
openshift-gitops-kam-1.10.0-34.el8.src.rpm
SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750
ppc64le
openshift-gitops-kam-1.10.0-34.el8.ppc64le.rpm
SHA-256: 63f5564ceccaa504a9ae0208fc4132d5d3281d45b9c519050983c708a49a90c0
Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.10
SRPM
openshift-gitops-kam-1.10.0-34.el8.src.rpm
SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750
s390x
openshift-gitops-kam-1.10.0-34.el8.s390x.rpm
SHA-256: dff9d268f531b4dfb48ce3ab5e5b06fc2a644d5651988e4c14ee0bd6b6c0b26d
Red Hat OpenShift GitOps for ARM 64 1.10
SRPM
openshift-gitops-kam-1.10.0-34.el8.src.rpm
SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750
aarch64
openshift-gitops-kam-1.10.0-34.el8.aarch64.rpm
SHA-256: b4dee2c8e69f44f19ee11823b2cc19e7f2e8b2698f44cc154fd5cf27eb0da820
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-8974-03 - Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes.
Red Hat Security Advisory 2024-3479-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 for RHEL 8.4. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5407-01 - OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool. Issues addressed include a denial of service vulnerability.
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.