Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5421: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.2 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.
  • CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a ‘/’ character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.
  • CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set “\t\n\f\r\u0020\u2028\u2029” in JavaScript contexts that also contain actions may not be properly sanitized during execution.
  • CVE-2023-26136: A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
  • CVE-2023-29400: A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, “attr={{.}}”) executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.
Red Hat Security Data
#vulnerability#red_hat#java#kubernetes#perl

Issued:

2023-10-03

Updated:

2023-10-03

RHSA-2023:5421 - Security Advisory

  • Overview
  • Updated Images

Synopsis

Moderate: Multicluster Engine for Kubernetes 2.3.2 security updates and bug fixes

Type/Severity

Security Advisory: Moderate

Topic

Multicluster Engine for Kubernetes 2.3.2 General Availability release images,
which contain security updates and fix bugs.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

Description

Multicluster Engine for Kubernetes 2.3.2 images

Multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.

Security fix(es):

  • CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
  • CVE-2022-41721 x/net/http2/h2c: request smuggling
  • CVE-2023-24539 golang: html/template: improper sanitization of CSS values
  • CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
  • CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

Affected Products

  • multicluster engine for Kubernetes Text-only Advisories x86_64

Fixes

  • BZ - 2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling
  • BZ - 2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
  • BZ - 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
  • BZ - 2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes
  • BZ - 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore

CVEs

  • CVE-2022-41721
  • CVE-2023-3899
  • CVE-2023-24539
  • CVE-2023-24540
  • CVE-2023-26136
  • CVE-2023-29400
  • CVE-2023-29491
  • CVE-2023-30630
  • CVE-2023-34969

aarch64

multicluster-engine/addon-manager-rhel8@sha256:1307fd9fd43e54707aa8d6cf599e23af6d39e911570a1682366fbeb8dacf50b4

multicluster-engine/agent-service-rhel8@sha256:81ec0e0c11ef76e5a39fdafab8b5da07afad7d9172a0a80a5ecd0b92eb27ef76

multicluster-engine/apiserver-network-proxy-rhel8@sha256:227fd7a37139b7b345f8e79882bcc65349d52d2384482d6bc1c4901e5cf93fca

multicluster-engine/assisted-image-service-rhel8@sha256:549b4631ee9b48ddc6cee09453818d69af54e7c6ea00a5dbdf6ff8eea480e79f

multicluster-engine/assisted-installer-agent-rhel8@sha256:a31361cdc7b41ff0e03ed8e4708638df62b3528372ed7a87778fe16bfe1e9330

multicluster-engine/assisted-installer-reporter-rhel8@sha256:21cd9e1bba0e31ded719536982537d0e2ea74087a2c79523b6ea6cee597fa56c

multicluster-engine/assisted-installer-rhel8@sha256:505b7f20f8dcba5d97e5f1d64092d7cc6d28db8efb12361222d031820efac9fc

multicluster-engine/aws-encryption-provider-rhel8@sha256:b264cec64b7b5bf93e87a46da2885c61e8a7aa0d25df69856dcc3f00a559530a

multicluster-engine/backplane-rhel8-operator@sha256:0d3d9a70ab0f69f1e072bf084c6ecd1190b0ec35da62bb52db0f93f7776e6e8a

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:b4852f31d8bd7a8006ecc23ab4b6b83e1271f9da044ad68fef67396009ef741f

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:b4852f31d8bd7a8006ecc23ab4b6b83e1271f9da044ad68fef67396009ef741f

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:587a87cb46a910997f8e7f00d0ddcde3beaeba07ee4363a880c1a377a8ae2b3e

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:dd9a9c92a5ae8fa2829e73bed92669110005dfd3fface8d6e48a8bbe615be72b

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:35560e8d8a43fafba124b1a801c6a2414d29a2f70ac407a128acf0271150b1cf

multicluster-engine/cluster-api-rhel8@sha256:1d4e2136ec8bcdc19f5271b0ae938baf235e0a967e0f98457dbb49b7e7f02fde

multicluster-engine/cluster-curator-controller-rhel8@sha256:dbd7e4b5b497f725f3cf0326e04cfc924793f86c5eee577cf6683eb3f8439914

multicluster-engine/cluster-image-set-controller-rhel8@sha256:21611f8cebc6ea6ed85a3a1595fb1843d132bb646d14a5bdd588bba16595e2dc

multicluster-engine/cluster-proxy-addon-rhel8@sha256:23ed487d14b84de80e7a0a93fb30641ee89aad48bb42643b901c91310168aac4

multicluster-engine/cluster-proxy-rhel8@sha256:8df3ecb839c8077f4704f8c1f2834fd95af44ef76e9fa7a0b2c835c198799a1a

multicluster-engine/clusterclaims-controller-rhel8@sha256:b348d10c18e914dc0c445458b9bbb2f611c3ba036b6124abe906342a55ac880e

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:653ae837de6ad6560c7bfa8368696bc9f49f7255d70cf86ac09f7ed8ca708379

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:8e1020ebf752a4e7281c85dea37c566b1bc96db038def1f3689a193d40d099f5

multicluster-engine/console-mce-rhel8@sha256:8e1020ebf752a4e7281c85dea37c566b1bc96db038def1f3689a193d40d099f5

multicluster-engine/discovery-rhel8@sha256:c423d123a3b0d0f5f6ee37f9a70cbaf58f67d802260f0d3839df2a90cdd64083

multicluster-engine/hive-rhel8@sha256:90c4e37dbcc69af3c76f02da5ed34ab3f50f60534abbbff268deb90c09550616

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:5814335eeb79b24cd9c05f73a29b7e3b9eb65c5b96481de63e229390789db7a3

multicluster-engine/hypershift-addon-rhel8-operator@sha256:5814335eeb79b24cd9c05f73a29b7e3b9eb65c5b96481de63e229390789db7a3

multicluster-engine/hypershift-cli-rhel8@sha256:63a219b785f7e67ad338f6008b296446987db4439518e34a3f875a0bb2ec933d

multicluster-engine/hypershift-rhel8-operator@sha256:f2901317ccb577be824a37a6d5e5615617d88a4646cfe871b3e0650b9c2ca03a

multicluster-engine/kube-rbac-proxy-mce-rhel8@sha256:1060f7527858adea7221d32b3cad6ddc58ea9f1eba4482b5147112998926a11b

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:8231700706acdd58427a4396035db91028a4a3b59fbc95576f2cee2532edc44e

multicluster-engine/managed-serviceaccount-rhel8@sha256:8231700706acdd58427a4396035db91028a4a3b59fbc95576f2cee2532edc44e

multicluster-engine/managedcluster-import-controller-rhel8@sha256:72808cc8f8e58a24cdf8a99316bbda8619d041e4b85ac896d077b84131f9e167

multicluster-engine/multicloud-manager-rhel8@sha256:d33bdfbcf8049a261938d14d72f3a025336fa718fc52f5629d94fed9d6b78742

multicluster-engine/must-gather-rhel8@sha256:cf902a00db8631ea0d28a8af66c9681bf0647aac862a73cc4b0f79e8f4861b20

multicluster-engine/placement-rhel8@sha256:ea308e719094a14bce5d5cace73e190f414f8505be84c517ae51be56db6fba0b

multicluster-engine/provider-credential-controller-rhel8@sha256:0852c4f42d508e48bd8f5e69e1dfe841dd6059e6f40536e062e3a91b72716837

multicluster-engine/registration-operator-rhel8@sha256:93f0e6687a02bd31227d6ac20db66a4b3e7665874bb05c2bc1e16586423792e1

multicluster-engine/registration-rhel8@sha256:3bb94b585b1ff8dcb932b0d1aaed633f207aef564a1b9d28d8f3647c7b8460be

multicluster-engine/work-rhel8@sha256:02f69ae23e28e9c21b1149c19280baf93c888d9d8e955decb170e7b81a9b037a

ppc64le

multicluster-engine/addon-manager-rhel8@sha256:bfe31cf9fe6aae0288d1cc41d7ea33f3158708c5b780acb3b88a00ebcb17217a

multicluster-engine/agent-service-rhel8@sha256:fff86b93b174a8257af32c8f3ea5d4a5482eccc7885900bdaa3d531cc3bb48ea

multicluster-engine/apiserver-network-proxy-rhel8@sha256:7731f0ae5f964914b140f3cf42338fe54e0cad459dc47b0602c7a5c3fc2e3949

multicluster-engine/assisted-image-service-rhel8@sha256:bd1ccbc2b0f45fc93eb49dd07eff1793053e63963769d5b7a0ca879be5a4efc2

multicluster-engine/assisted-installer-agent-rhel8@sha256:5a71df8445b1357869c5b87c47cf84c6142de63722b4084492f268e296f55d00

multicluster-engine/assisted-installer-reporter-rhel8@sha256:40f7fd4afda824bec9e5a74cca9d7051343716aff94766b34459e20cbc0de67e

multicluster-engine/assisted-installer-rhel8@sha256:d03b27b20dfb23b769841ff51da2f9b1367f7a574ba1a5afd4a18cfc8cc1a2af

multicluster-engine/aws-encryption-provider-rhel8@sha256:a32ee3d215c275b57deb6b6fa22b74c549e7bf42dbcb4bf0f22b53365ee4e0bd

multicluster-engine/backplane-rhel8-operator@sha256:91022ce4ea345eefb4fbdb4aeab1592ba9b2f6e51d1cbea42ffb6ed7f863d750

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:beacf3ec49150de6341794c0b419fd65d93a6e28efb0ecaf227c2cd9449263fc

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:beacf3ec49150de6341794c0b419fd65d93a6e28efb0ecaf227c2cd9449263fc

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:45bab8488d4f6e6cb6329cd36a05df8fb686b661f568bf1c0c7b444023c87ced

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:7b872f314044659c8f8dee1f63eba8e47ffa88f973e07936078067a8c8cb3575

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:d3be6db43f87408b06e0333c662f5cc830a4ffdc06478c0c0f58d5ed694ce9c9

multicluster-engine/cluster-api-rhel8@sha256:1fab4dc5d69a04956a9590ce185a8d6746fd0b71742f2f7dea1dd0f9f787319c

multicluster-engine/cluster-curator-controller-rhel8@sha256:b658002f3d9e16a973ca3117d8ffa095e29e31bfcd08b0705ed554459adb3712

multicluster-engine/cluster-image-set-controller-rhel8@sha256:1c8c06acf07cb36feab4980c86dc4ae0d69b053b294bb1641d7ca3bf546b785e

multicluster-engine/cluster-proxy-addon-rhel8@sha256:2b90f47358d1384ab6d0af0d5107e6ef3b653c1c2d0c536f4e70afa28b76e4d0

multicluster-engine/cluster-proxy-rhel8@sha256:b95a0a063f10872f1ffdeab39b3353664d6d3f39f397f5b388106f4a8defba0d

multicluster-engine/clusterclaims-controller-rhel8@sha256:df86b6701e5ccb04bdaf480d071d3961ea0fda5baa941412420f9b3203af64f6

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:006f84ac13106755310a31da59876c34e0b16af2a1f766da6156e37572b5e8c8

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:70cc5d643b4de9bea3cd3f7e230dc1347d443f1b39348c202db2ec2b12733a3a

multicluster-engine/console-mce-rhel8@sha256:70cc5d643b4de9bea3cd3f7e230dc1347d443f1b39348c202db2ec2b12733a3a

multicluster-engine/discovery-rhel8@sha256:91492eb9a7133d1a845917f5885c792b29465c2554ad12a1df774e95217a2557

multicluster-engine/hive-rhel8@sha256:096f5d1455d325d11a0a55dd1fcd609fbfd10b7c05fc335a50c18e14bfe2b101

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:b87533d6d5bdbd68322c9bb1bad875b8959e84992bcf9f078bdf3f240849afcd

multicluster-engine/hypershift-addon-rhel8-operator@sha256:b87533d6d5bdbd68322c9bb1bad875b8959e84992bcf9f078bdf3f240849afcd

multicluster-engine/hypershift-cli-rhel8@sha256:8b39411fdbd06aaabe6a2160b3cf4fae063e26d86c85102b87898dd85e1f4a96

multicluster-engine/hypershift-rhel8-operator@sha256:40512b4355f62a5129a48d148e41745065534363725087561d55b3539981bedf

multicluster-engine/kube-rbac-proxy-mce-rhel8@sha256:68403db8f9f8f850d58a061894d64977e001d95a42c54a367f01a3cc7a2885f1

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:c25f7bde050d6c1dc009368076506559d33942a486d344c11b75577b32fc7591

multicluster-engine/managed-serviceaccount-rhel8@sha256:c25f7bde050d6c1dc009368076506559d33942a486d344c11b75577b32fc7591

multicluster-engine/managedcluster-import-controller-rhel8@sha256:499494c0ad0a3a5bdee34ebed826d66668ecbdb8935f9c352ff89e9f7ae9678a

multicluster-engine/mce-operator-bundle@sha256:5d696fd9ee58b8f2e77bf1c88adebe7e36e96a8cde37dec0dd654fbda23b8351

multicluster-engine/multicloud-manager-rhel8@sha256:865462f13b7be25b11208c0bf541baa6469be3f8f310d483e8d580b4bc34dd55

multicluster-engine/must-gather-rhel8@sha256:07e59de386f6cc8c0d9d013fb798365f7f71597eecadef3e6b17b106e1db46a9

multicluster-engine/placement-rhel8@sha256:95d613bf70aeb028ef1dabc1354eb1eae42917258e0f8e205565fe66158ca02e

multicluster-engine/provider-credential-controller-rhel8@sha256:ac0af950b518b09d065569bea8f52a5fa3eba6002ac51b975c44f8816a78a5ab

multicluster-engine/registration-operator-rhel8@sha256:d9695c7e3ed1a57e3dd49dd0dc129e8724205f09ad685fe332b23d7abde1a528

multicluster-engine/registration-rhel8@sha256:c511716e6aefd6d243f919ead4832f7a841bc77ab4abf9935ceaf36161650270

multicluster-engine/work-rhel8@sha256:6ef60c671da86b2b841a0ca1b7c2afb68c08168fb78751dcd4dfcacba6fb91ec

s390x

multicluster-engine/addon-manager-rhel8@sha256:f6bfbd6019e9cb846acde5547aa58fa179b3f7b3c6c91a24dd7c0197c2be250c

multicluster-engine/agent-service-rhel8@sha256:014756ae51184b2fd9e14b031f19c06da5cdb9d888c4fe5bb39056bfc936b91c

multicluster-engine/apiserver-network-proxy-rhel8@sha256:7cc56a7bceaf3a60bae75fa5349b38cc902d80466899451f963e84c6268048cf

multicluster-engine/assisted-image-service-rhel8@sha256:1e69c96dde4d60ca64570370305de613e3f4249d370cde3c7b27ee2f3e0bb743

multicluster-engine/assisted-installer-agent-rhel8@sha256:972dfeb6ac5b2fb3e1343fc6e71ab17c0e6e507367525e6fa5f3974424e86a42

multicluster-engine/assisted-installer-reporter-rhel8@sha256:c5e9d0c9e8be54f579f86e359024f2743ec1cdb5d92d00ec2eea3b819e335264

multicluster-engine/assisted-installer-rhel8@sha256:8b3907d5e124fd1466514564ad5886fe022bd92c305709afe7cbc841713dd537

multicluster-engine/aws-encryption-provider-rhel8@sha256:dd1d22565decd4278177cc7d0ccebc8e760288b5c70c097ba87d2654ba272f59

multicluster-engine/backplane-rhel8-operator@sha256:aad0b529df39e47759494fa091f64016310e6acebece6cddcefbcd535ca822ff

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:b34d8de5b81376f981f8548f0a7aff810e03e9f149aa4732355cd29cef17a544

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:b34d8de5b81376f981f8548f0a7aff810e03e9f149aa4732355cd29cef17a544

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:7138e1d1bfb2b17c039fe59065a574769844856fbc31825a8db9e24b032400f0

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:aa11897661ec576edcb96f50609cf2f484189867f57ccfc863481abcd54d3d99

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:3b4f72150c3d3c59da4fe3f3296341ff978730865b72441fda42539a0170a33b

multicluster-engine/cluster-api-rhel8@sha256:c4e95e27f9cc3f92ca94ea6f949407da0757276333af7dbf279b6f616f50b0c2

multicluster-engine/cluster-curator-controller-rhel8@sha256:ba38fd31d850517a945e60bd16efc4b7e20f80db0ba70dc39bd2df8df94bd66e

multicluster-engine/cluster-image-set-controller-rhel8@sha256:fafd29f67b7b1c37e7a64a0a1a73cb18a61d4917482506d41eedece95973802c

multicluster-engine/cluster-proxy-addon-rhel8@sha256:c3b13fc982f0cfe5392af273838d5b29da2309b78edfdde1ace4fcb74ac58149

multicluster-engine/cluster-proxy-rhel8@sha256:152045bc02b51c90972d9b6092db07ddf06b02e13874e3e452abcce60178e977

multicluster-engine/clusterclaims-controller-rhel8@sha256:cfa7ac78b90ba70c690ae9e75e633b3f773d1a02babc20e95e574a91e561bd4c

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:37863c1ebbe4274a6ca1aabf58fa94e4705b0e2bec975e717b225ed8d8e10fd1

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:c9482f790f8cc89217c647c08fd90d333b764d994ef716311eb163f124f27e51

multicluster-engine/console-mce-rhel8@sha256:c9482f790f8cc89217c647c08fd90d333b764d994ef716311eb163f124f27e51

multicluster-engine/discovery-rhel8@sha256:c5990bea9eaa88f28d78911467ea897f7b60ccd55f08209b5d684061dcd3edc8

multicluster-engine/hive-rhel8@sha256:f1e8ee204445637492806df87fb136bcdf53c5957036c6f74ab1298d9dad541a

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:d500613a38008447c3c2dcb779294ba366de5e9ce8f45f8403797b2a96c494a4

multicluster-engine/hypershift-addon-rhel8-operator@sha256:d500613a38008447c3c2dcb779294ba366de5e9ce8f45f8403797b2a96c494a4

multicluster-engine/hypershift-cli-rhel8@sha256:5cf10cc22f2a5b1b6800c119e3a73cad1fa515272e5a8beba78cc7fd26de9379

multicluster-engine/hypershift-rhel8-operator@sha256:cedbb7ae45d7271be090d921b02c69bf90cf09e8ace5f623409dbd3b58f1d5ca

multicluster-engine/kube-rbac-proxy-mce-rhel8@sha256:cf3b964ceee086b39b777f5ea9b7f384ffd7ac006b02fe385ebb48781cc68626

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:f586975d05948012d09e500ab87be231096b5cb18213bd23e650a71268778524

multicluster-engine/managed-serviceaccount-rhel8@sha256:f586975d05948012d09e500ab87be231096b5cb18213bd23e650a71268778524

multicluster-engine/managedcluster-import-controller-rhel8@sha256:cc53c87059264c2989e9edc5e2ad489bfc680ca28c538768e662382f064fba8c

multicluster-engine/mce-operator-bundle@sha256:2306e7e2cc395966077edffca5c6e6ea26735104dbbfe309cfb495c412a52f89

multicluster-engine/multicloud-manager-rhel8@sha256:5190299b2a605b3f6f1d919ef9150a4fc99410ab43a8848e0452d307099dff40

multicluster-engine/must-gather-rhel8@sha256:a385a1cfa51c26ea07b3ee1a85ca4918b67cd57496ea04a40176f10983fa19c5

multicluster-engine/placement-rhel8@sha256:8a182d3421a17f4d163ee56ede2da303039c1be137b84593e75f0cc3d6122608

multicluster-engine/provider-credential-controller-rhel8@sha256:ba2c9d6bf6f64e824e29ddd7d22c96704e227df243a53bd386871dba9b43900c

multicluster-engine/registration-operator-rhel8@sha256:ec5a41c1a87a044c10304f96ff3a0ab3801978c105805a91e20bce5aea0473be

multicluster-engine/registration-rhel8@sha256:fe57731a5d298de2883e15b9197a8a369a803bf2a93f2620454d29c950c70aab

multicluster-engine/work-rhel8@sha256:43798a7894842d0d3ef830a0757de891d631c4f6a44d532582fb926c1b432687

x86_64

multicluster-engine/addon-manager-rhel8@sha256:f21433053453b4b4ff42b67a839552f339647250c44f46bda0eeb2feb172301b

multicluster-engine/agent-service-rhel8@sha256:0dffd3466978a2157bb1e0c30f4ea279241c32f48e7d0d3bc01a71243b85b633

multicluster-engine/apiserver-network-proxy-rhel8@sha256:f28880a786c7866b9da54f773a2c6f83485a947c3f0a752336d7167b73b1d5d8

multicluster-engine/assisted-image-service-rhel8@sha256:fbb147731f32245f10c5bd8d61cd9c9c5da0c04c6a2ab9db33d670d1052e85f3

multicluster-engine/assisted-installer-agent-rhel8@sha256:f6dca0596db08e7c4554736579645d2db4400da1ff1685ecd677904f44ccf9e5

multicluster-engine/assisted-installer-reporter-rhel8@sha256:8ff0ed809e4f81adf1616bbba323c1e3adaf8a185d760a0fe4abb39147961c39

multicluster-engine/assisted-installer-rhel8@sha256:8a362b959a370e94006895af30e24c330d03f1bc4981c94df911b9c01f3967cf

multicluster-engine/aws-encryption-provider-rhel8@sha256:fe435e2471d00b8998ebca90e674f8dcb067665a861fac7061a5d38ddd0fdd7b

multicluster-engine/backplane-rhel8-operator@sha256:f49bdabf0b385b4d3a527d12324bf0a0361c0b2d4e47218732203cf411d6771b

multicluster-engine/cluster-api-provider-agent-rhel8@sha256:91a006ff29841146c7e9793b8440967f083c30618ef8932c4185b4721e4bb855

multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel8@sha256:91a006ff29841146c7e9793b8440967f083c30618ef8932c4185b4721e4bb855

multicluster-engine/cluster-api-provider-aws-rhel8@sha256:efedf5209289bf6de6565a47d5a64a6d2c7aaabd303e0912507e12c2fe2bfceb

multicluster-engine/cluster-api-provider-azure-rhel8@sha256:f677101610fcaabf409a053525571ae938d105f636a14b12b3c81e798d8b23bc

multicluster-engine/cluster-api-provider-kubevirt-rhel8@sha256:939c1dd5b64e9adaf09c5bff192ffba1afa24709bfc4f4e8319117f84e07c0a4

multicluster-engine/cluster-api-rhel8@sha256:e3efc6cd753b00d46989035f282e03a32caac067bbc8a91597fa903bc8d75c55

multicluster-engine/cluster-curator-controller-rhel8@sha256:c1234bd3dc1ff3e5aedf0688c6da4699f7006a5a5cd919e63d89661693ab12b7

multicluster-engine/cluster-image-set-controller-rhel8@sha256:d344611b90d1393bc2e46c2a0a3db5c05b3958e5ba24d924e0b9d2061dfea677

multicluster-engine/cluster-proxy-addon-rhel8@sha256:cb2ac59643fa3f99b6ee92d40f53f484e5e46d58f7c1ed2a7f085f5a1d01efcf

multicluster-engine/cluster-proxy-rhel8@sha256:7753a3af5ecdfbf360b0641dbccc457dbfb39bf13ea10817a76fb000f1e5b959

multicluster-engine/clusterclaims-controller-rhel8@sha256:a0e90f7fa22b2a5a11b654bd003df947978ecb9e56f4b65ddd91530abe13b80d

multicluster-engine/clusterlifecycle-state-metrics-rhel8@sha256:6b624f79c4739de10488338bf3ca5c6bd9e0bafb59206ba882d29b388a3be185

multicluster-engine/multicluster-engine-console-mce-rhel8@sha256:9ec587f5c50469b7e14e75164e7a0b127a30c697a66f0ea014ac5ffc35aa6d6c

multicluster-engine/console-mce-rhel8@sha256:9ec587f5c50469b7e14e75164e7a0b127a30c697a66f0ea014ac5ffc35aa6d6c

multicluster-engine/discovery-rhel8@sha256:fa1f632ce6243d6c1c9147ad1ced7838995cb7918a60dca632090c5633c9d157

multicluster-engine/hive-rhel8@sha256:a6cb4fff3d5e18196cd9f20569d5d5b75b7fb6dd104d2900f4d4d5ee63efcbe3

multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator@sha256:d3a68e1bbf8a951200c3fd5167450d4db3fa001a2a133f129bd3a9e7505af744

multicluster-engine/hypershift-addon-rhel8-operator@sha256:d3a68e1bbf8a951200c3fd5167450d4db3fa001a2a133f129bd3a9e7505af744

multicluster-engine/hypershift-cli-rhel8@sha256:18d04eeab6db0a294f4ced91a63a46e6738e6c85aec72061db72bb744f8a1f4f

multicluster-engine/hypershift-rhel8-operator@sha256:261819622282cf0c55f0f838b04a7c5640ea84c5f21a887b43c72aba76295e33

multicluster-engine/klusterlet-operator-bundle@sha256:53a35a2fdad2f9236f91aa544fca637b14a2b03090114ce89ec65bc51b638c83

multicluster-engine/kube-rbac-proxy-mce-rhel8@sha256:29703373c92e6c803177811b3630192f0de485519579b2129f179270b98d7bd8

multicluster-engine/multicluster-engine-managed-serviceaccount-rhel8@sha256:db1696f93bc981136c8e94c051eaf86b8f7c5fdc2bfa090e22ee998f2fd63216

multicluster-engine/managed-serviceaccount-rhel8@sha256:db1696f93bc981136c8e94c051eaf86b8f7c5fdc2bfa090e22ee998f2fd63216

multicluster-engine/managedcluster-import-controller-rhel8@sha256:6ae90ee6d8310d3dfe5d0fc34dfff5946f66d9155a68607b9f127d17e7597375

multicluster-engine/mce-operator-bundle@sha256:4ec7b1d1dbf77f568e8aca16d2be3ba10f91f9433f9b899cebffd22e565ec10e

multicluster-engine/multicloud-manager-rhel8@sha256:999cc98773498c0026133b302f26a358af42201bc47b1d7b817958315793baf2

multicluster-engine/must-gather-rhel8@sha256:af0bf96a0e62ee64d8731d1a54053fc548c47687840af7d7fd4eb7e6cce1b251

multicluster-engine/placement-rhel8@sha256:6bb6e39ddba7dd2d2af7d2bd7990e2d8d5985f09eafad4969054de6cbc63abac

multicluster-engine/provider-credential-controller-rhel8@sha256:868d75fc1847fff2d6be3deda2fa5ec4df85ff8af6fa784ab232de31007b4159

multicluster-engine/registration-operator-rhel8@sha256:38b847a5fceb02cd8b02ba19a0f64b4101335e5a34ff39319831dd30ad6ec2de

multicluster-engine/registration-rhel8@sha256:dd92b9043dad9e02a59f3d24792fecb98a953ec8d39cf78a3cef009d00051743

multicluster-engine/work-rhel8@sha256:26a267c79a454475cef917034ad9d58a6de6aff5c7eaaf06119daa0e2f868001

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-8676-03

Red Hat Security Advisory 2024-8676-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.

Gentoo Linux Security Advisory 202407-26

Gentoo Linux Security Advisory 202407-26 - A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation. Versions greater than or equal to 3.5 are affected.

Red Hat Security Advisory 2023-5486-01

Red Hat Security Advisory 2023-5486-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5485-01

Red Hat Security Advisory 2023-5485-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5488-01

Red Hat Security Advisory 2023-5488-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5484-01

Red Hat Security Advisory 2023-5484-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

RHSA-2023:5488: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of servi...

Red Hat Security Advisory 2023-5447-01

Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5442-01

Red Hat Security Advisory 2023-5442-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:5447: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.

Red Hat Security Advisory 2023-5421-01

Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:5442: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.2 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be att...

Red Hat Security Advisory 2023-5376-01

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

RHSA-2023:5376: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts ...

RHSA-2023:5314: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...

Red Hat Security Advisory 2023-5233-01

Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.

Red Hat Security Advisory 2023-5233-01

Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.

Red Hat Security Advisory 2023-5252-01

Red Hat Security Advisory 2023-5252-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

Red Hat Security Advisory 2023-5249-01

Red Hat Security Advisory 2023-5249-01 - The ncurses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.

RHSA-2023:5252: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Ubuntu Security Notice USN-6372-1

Ubuntu Security Notice 6372-1 - It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious

Red Hat Security Advisory 2023-5001-01

Red Hat Security Advisory 2023-5001-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.49. Issues addressed include a bypass vulnerability.

RHSA-2023:5001: Red Hat Security Advisory: OpenShift Container Platform 4.11.49 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...

Red Hat Security Advisory 2023-5061-01

Red Hat Security Advisory 2023-5061-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

RHSA-2023:5061: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.

CVE-2023-40440: About the security content of macOS Monterey 12.6.8

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.

Red Hat Security Advisory 2023-4980-01

Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4731-01

Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.

RHSA-2023:4892: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

Red Hat Security Advisory 2023-4720-01

Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

RHSA-2023:4720: Red Hat Security Advisory: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4065: No description is available for this CVE. * CVE-2023-4066: No description is available for this CVE.

Red Hat Security Advisory 2023-4705-01

Red Hat Security Advisory 2023-4705-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4702-01

Red Hat Security Advisory 2023-4702-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4708-01

Red Hat Security Advisory 2023-4708-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4701-01

Red Hat Security Advisory 2023-4701-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Red Hat Security Advisory 2023-4704-01

Red Hat Security Advisory 2023-4704-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

RHSA-2023:4705: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() me...

RHSA-2023:4704: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 e...

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-4627-01

Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.

RHSA-2023:4627: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.2.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a...

Red Hat Security Advisory 2023-4569-01

Red Hat Security Advisory 2023-4569-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Red Hat Security Advisory 2023-4459-01

Red Hat Security Advisory 2023-4459-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.8.

Red Hat Security Advisory 2023-4459-01

Red Hat Security Advisory 2023-4459-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.8.

RHSA-2023:4459: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 packages and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/'...

RHSA-2023:4459: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 packages and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/'...

Red Hat Security Advisory 2023-4498-01

Red Hat Security Advisory 2023-4498-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

RHSA-2023:4470: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys ca...

RHSA-2023:4470: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys ca...

RHSA-2023:4470: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys ca...

Red Hat Security Advisory 2023-4293-01

Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-4293-01

Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:4293: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.11 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Tem...

RHSA-2023:3998: Red Hat Security Advisory: Logging Subsystem 5.7.3 - Red Hat OpenShift security update

An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service. * CVE-2023-26136: A flaw was found in the tough-cookie package. Affec...

Red Hat Security Advisory 2023-4003-01

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4003-01

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3915-01

Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.

Red Hat Security Advisory 2023-3914-01

Red Hat Security Advisory 2023-3914-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.44.

Red Hat Security Advisory 2023-3911-01

Red Hat Security Advisory 2023-3911-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.63.

Red Hat Security Advisory 2023-3910-01

Red Hat Security Advisory 2023-3910-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.63.

RHSA-2023:3910: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

Red Hat OpenShift Container Platform release 4.10.63 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server...

CVE-2023-26136: Snyk Vulnerability Database | Snyk

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

RHSA-2023:3614: Red Hat Security Advisory: OpenShift Container Platform 4.13.4 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

Red Hat Security Advisory 2023-3540-01

Red Hat Security Advisory 2023-3540-01 - Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments. This advisory contains the RPM packages for Red Hat build of MicroShift 4.13.3. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3540-01

Red Hat Security Advisory 2023-3540-01 - Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments. This advisory contains the RPM packages for Red Hat build of MicroShift 4.13.3. Issues addressed include a denial of service vulnerability.

RHSA-2023:3542: Red Hat Security Advisory: OpenShift Container Platform 4.11.43 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows a...

RHSA-2023:3540: Red Hat Security Advisory: OpenShift Container Platform 4.13.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A ...

RHSA-2023:3540: Red Hat Security Advisory: OpenShift Container Platform 4.13.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A ...

Ubuntu Security Notice USN-6140-1

Ubuntu Security Notice 6140-1 - It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10.

Ubuntu Security Notice USN-6140-1

Ubuntu Security Notice 6140-1 - It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10.

Ubuntu Security Notice USN-6140-1

Ubuntu Security Notice 6140-1 - It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10.

RHSA-2023:3323: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24537: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service. * CVE-2023-24538: A flaw was found in Golang Go. This flaw ...

RHSA-2023:3323: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24537: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service. * CVE-2023-24538: A flaw was found in Golang Go. This flaw ...

RHSA-2023:3323: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24537: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service. * CVE-2023-24538: A flaw was found in Golang Go. This flaw ...

Ubuntu Security Notice USN-6099-1

Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

CVE-2023-29400

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

CVE-2023-29491: security - Re: ncurses fixes upstream

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

CVE-2023-30630: Dmidecode 3.5 has been released

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.

CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.