RHSA-2023:5407: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-37788: A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker to crash the goproxy server by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*".
Red Hat Security Data

Issued: 2023-09-29

Updated: 2023-09-29

RHSA-2023:5407 - Security Advisory


Synopsis

Moderate: openshift-gitops-kam security update

Type/Severity

Security Advisory: Moderate


Topic

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift GitOps KAM is the OpenShift GitOps Kubernetes Application Manager CLI tool.

Security Fix(es):

  • goproxy: Denial of service (DoS) via unspecified vectors (CVE-2023-37788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
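An added example, not part of the advisory and not goproxy's actual patch: a Go net/http guard that rejects the asterisk request-target described for CVE-2023-37788 unless the method is OPTIONS, so a custom handler never sees it. The names validTarget, rejectBadTarget and statusFor and the host proxy.example are assumptions for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// validTarget applies the RFC 9112 rule that the asterisk-form
// request-target ("*") is defined only for a server-wide OPTIONS.
func validTarget(r *http.Request) bool {
	if r.RequestURI == "*" || (r.URL != nil && r.URL.Path == "*") {
		return r.Method == http.MethodOptions
	}
	return true
}

// rejectBadTarget is a hypothetical guard that answers 400 before the wrapped handler runs.
func rejectBadTarget(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !validTarget(r) {
			http.Error(w, "invalid request-target", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor parses one raw request and returns the guarded handler's status.
func statusFor(raw string) (int, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return 0, err
	}
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	rejectBadTarget(ok).ServeHTTP(rec, req)
	return rec.Code, nil
}

func main() {
	// Constructed sample request lines, not captured traffic.
	for _, line := range []string{"GET / HTTP/1.1", "OPTIONS * HTTP/1.1", "GET * HTTP/1.1"} {
		code, err := statusFor(line + "\r\nHost: proxy.example\r\n\r\n")
		fmt.Println(line, "->", code, err)
	}
}
```

Go's own ServeMux already answers 400 to a "*" request-target, so the guard matters for handlers installed directly on the server, as proxies typically are.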

Affected Products

  • Red Hat OpenShift GitOps 1.10 x86_64
  • Red Hat OpenShift GitOps for IBM Power, little endian 1.10 ppc64le
  • Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.10 s390x
  • Red Hat OpenShift GitOps for ARM 64 1.10 aarch64

Fixes

  • BZ - 2224245 - CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.

Red Hat OpenShift GitOps 1.10

SRPM

openshift-gitops-kam-1.10.0-34.el8.src.rpm

SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750

x86_64

openshift-gitops-kam-1.10.0-34.el8.x86_64.rpm

SHA-256: 1454a75e8bf67dfadd11ce5eddda42268af3358205ecb35e41e084ae103552bd

openshift-gitops-kam-redistributable-1.10.0-34.el8.x86_64.rpm

SHA-256: cff736b1315ae7a3da402afa1bb34c848565b9369d76fd285d5a4811d33b43c2

Red Hat OpenShift GitOps for IBM Power, little endian 1.10

SRPM

openshift-gitops-kam-1.10.0-34.el8.src.rpm

SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750

ppc64le

openshift-gitops-kam-1.10.0-34.el8.ppc64le.rpm

SHA-256: 63f5564ceccaa504a9ae0208fc4132d5d3281d45b9c519050983c708a49a90c0

Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.10

SRPM

openshift-gitops-kam-1.10.0-34.el8.src.rpm

SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750

s390x

openshift-gitops-kam-1.10.0-34.el8.s390x.rpm

SHA-256: dff9d268f531b4dfb48ce3ab5e5b06fc2a644d5651988e4c14ee0bd6b6c0b26d

Red Hat OpenShift GitOps for ARM 64 1.10

SRPM

openshift-gitops-kam-1.10.0-34.el8.src.rpm

SHA-256: b9663ff10cbf85c71abb2fe6f577d7813f3aec997172e896c4cc5207f204f750

aarch64

openshift-gitops-kam-1.10.0-34.el8.aarch64.rpm

SHA-256: b4dee2c8e69f44f19ee11823b2cc19e7f2e8b2698f44cc154fd5cf27eb0da820

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-8974-03

Red Hat Security Advisory 2024-8974-03 - Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes.

Red Hat Security Advisory 2024-3479-03

Red Hat Security Advisory 2024-3479-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 for RHEL 8.4. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5407-01

Red Hat Security Advisory 2023-5407-01 - OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool. Issues addressed include a denial of service vulnerability.

GHSA-4r8x-2p26-976p: goproxy Denial of Service vulnerability

goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.