Headline
RHSA-2023:5376: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set “\t\n\f\r\u0020\u2028\u2029” in JavaScript contexts that also contain actions may not be properly sanitized during execution.
- CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-27
Updated:
2023-09-27
RHSA-2023:5376 - Security Advisory
- Overview
- Updated Images
Synopsis
Important: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.
Security Fix(es):
- golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
- word-wrap: ReDoS (CVE-2023-26115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Previously, during the reclaimspace operation, I/O and performance was impacted when the `rbd sparsify` command was executed on the RADOS block device (RBD) persistent volume claim (PVC) while it was attached to a pod. With this fix, the execution of the `rbd sparsify` command is skipped when the RBD PVC is found to be attached to a pod during the operation. As a result, any negative impact of running the reclaim space operation on a RBD PVC attached to a pod is mitigated. (BZ#2225436)
- Previously, the container storage interface (CSI) CephFS and RADOS block device (RBD) pods were using older `cephcsi` image after the upgrade as the CSI CephFS and RBD holder pods were not getting updated. With this fix, the daemonset object for CSI CephFS and RBD holder are upgraded and steps to upgrade the corresponding pods are documented. As a result, after upgrading, the CSI holder pods use the latest `cephcsi` image. (BZ#2222600)
All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.
Affected Products
- Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64
- Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le
- Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x
- Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64
Fixes
- BZ - 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
- BZ - 2216827 - CVE-2023-26115 word-wrap: ReDoS
- BZ - 2225436 - Failed to restart VMI in cnv - Failed to terminate process Device or resource busy
- BZ - 2227161 - Rook ceph exporter pod remains stuck in terminating state when node is offline
- BZ - 2232414 - [4.13 clone][RDR] [MDR] ramen operator pods in CrashLoopBackOff state due to client-go bug
- BZ - 2232555 - [RDR] token-exchange-agent pod in CrashLoopBackOff state
- BZ - 2233028 - Avoid pods entering into CrashLoopBackOff due to older k8s.io/client-go packages
- BZ - 2233071 - Avoid pods entering into CrashLoopBackOff due to older k8s.io/client-go packages
- BZ - 2233505 - [odf-console] The “Provider details” on namespacestore page is not updated
- BZ - 2234658 - update k8s.io/client-go to v0.26.4 for ocp 4.14
- BZ - 2234948 - [4.13 backport] Update client-go library to avoid crash on OCP 4.14
- BZ - 2237862 - Include at ODF 4.13 container images the RHEL CVE fix on “subscription-manager”
CVEs
- CVE-2023-2602
- CVE-2023-2603
- CVE-2023-3899
- CVE-2023-24540
- CVE-2023-26115
- CVE-2023-30630
- CVE-2023-34969
aarch64
odf4/mcg-cli-rhel9@sha256:9226a0bff43abb19535fb87f4dc33087569b4f096da39e39f56392c5d8e1aa18
odf4/mcg-core-rhel9@sha256:d8894fa3ab4f106feb3b0abb19e36b1725663ba70bdeae7d33a32279f2353034
odf4/mcg-rhel9-operator@sha256:55c050267dc55c6c9904a64cf59b63048839bbdd0cefd5ca25e8abbb4efe7273
odf4/ocs-client-rhel9-operator@sha256:39042f82fba928abbf923ff78204b4977e0817fd452359b635f20ecaceda3e52
odf4/ocs-rhel9-operator@sha256:f0c9de60ecd7df264f0091da69bc48719e8e03d613ac94c52f3671be45ea23bf
odf4/odf-csi-addons-rhel9-operator@sha256:47002411029909d6fc6e0decc607dfd346002793712f819b7a1ac4ceb254ffa0
odf4/odf-csi-addons-sidecar-rhel9@sha256:66ec066a0dcff9f60f597cedde46446094c6fd9a807e929af44b73425872eae0
odf4/odf-multicluster-rhel9-operator@sha256:ec3e3aadf30eeda42dbb0a681cd1c8ffde36473893e41b074eba2608a134da6b
odf4/odf-must-gather-rhel9@sha256:9129fa0411a1fe6ce51ca1e68c0bdc2ee3cfbe7aa6204806bfeda6f6f2cec892
odf4/odf-rhel9-operator@sha256:b4baf45f4a6afdfdc8fa7a3bf14f6ad3b4d76e5419bfa3caa4c7119996f8efba
odf4/odr-rhel9-operator@sha256:d59c0757a3df030670395f40470a8c1605403ecce4b84212eb430b0b769f824f
ppc64le
odf4/cephcsi-rhel9@sha256:81a8210bc44d930097da17bc390b5f215f74e1a9448744ab968192aa0160563c
odf4/mcg-cli-rhel9@sha256:e74a1ffb4423c26f2aa634b86a9042c07f9f230a569dee5a832e64299abac4d6
odf4/mcg-core-rhel9@sha256:c48de169132b4c10f443b7602078d5d494269e2fb70449352469595e631dfdc5
odf4/mcg-operator-bundle@sha256:1217b18f51480accd2d5eeb949699c89065a3b38f12e3bfbda60660a57dfdca9
odf4/mcg-rhel9-operator@sha256:676dd3170980201e08f6db25236c32d508653fe97bee87bb5cc3e0358cc852a4
odf4/ocs-client-operator-bundle@sha256:1bafb2182f6bac9ad052a9dff0eb5ee15f9a85c0bc9f0c9dd4d1182e221df0ec
odf4/ocs-client-rhel9-operator@sha256:cb99ab65b33c8b72bbb26233f6b123010ca4c5fbe7cdff611f29bc465d565c73
odf4/ocs-metrics-exporter-rhel9@sha256:7d83e7a6925670deac20d6f35e01bc26b7c29aa8c77dc6065958aa95c74723ac
odf4/ocs-operator-bundle@sha256:e5263c58f0b2d3620abdb786f66bf93c3e0f32e37e71d0b2618c9b2084db35ce
odf4/ocs-rhel9-operator@sha256:cf4cb87c6f1b14ba20edfe6096e5f0844b7a6f6c82c97bef37ee94121ff58e93
odf4/odf-console-rhel9@sha256:55e59b863ddbeff840bb4ff486fa808be7f6e08c591b03c54985dd3196def132
odf4/odf-csi-addons-operator-bundle@sha256:8ba69c839b9cc504b51016e87328ada8e51007e103f86e4271439a6876ec587d
odf4/odf-csi-addons-rhel9-operator@sha256:71d443cc3e526409d5ec2bed713dd3df5b3c1de699291a1eb6832e863924bd5c
odf4/odf-csi-addons-sidecar-rhel9@sha256:2420536ab97ea377dca242f0b490c0ee8849637644590e9f41b891d79ea35fbb
odf4/odf-multicluster-console-rhel9@sha256:5bc21a94f48dbce076d4a5ecde16c3be7635ed463aa64179e9f64a5719b57392
odf4/odf-multicluster-operator-bundle@sha256:a1ad241b82ba50ba63fd1091dc7b361cba0ff6c9a74537378a6dfa553d434946
odf4/odf-multicluster-rhel9-operator@sha256:526fae8628bf0e3cc77844df24fbaa0aed4db9353ac503a9bcf4be032c39b464
odf4/odf-must-gather-rhel9@sha256:dccedd38e7c60181800eea9577d3b2ca940a2b429eedfb3960f97d64a29ee08a
odf4/odf-operator-bundle@sha256:8f5ad9d32ecf2d39f7ae102cf3450d0de7dffdfaf64b3096ac49d4db0a25ea39
odf4/odf-rhel9-operator@sha256:fce1dcc3476c5d993094700398730811d34ac7606beb4c97f94ac55b2c7b9262
odf4/odr-cluster-operator-bundle@sha256:e10b0c5e6e9b1da5fd3e49596d705dd8ffc9887255332eeb945a4877a2b79469
odf4/odr-hub-operator-bundle@sha256:5e274bd736ced183bc7f3743b49830c4996f2a4e4e8f8df7e204cea584a06348
odf4/odr-rhel9-operator@sha256:5a98257d2e56dccaa7eb5904d829a12fc4adda1d8e91209b9423ce4824fd310b
odf4/rook-ceph-rhel9-operator@sha256:212509d9eb8a92240785148961d371d1cabce460a3979843286abbb6cbcc0119
s390x
odf4/cephcsi-rhel9@sha256:b1c8b5dba7b83cca14daaa0255ad7a90912de0e0da8367054be031063f3c7278
odf4/mcg-cli-rhel9@sha256:4678fc61d47f98c000efdffe5bfb3da760ba8c0ba1f7b5c8e525b0618d68ab21
odf4/mcg-core-rhel9@sha256:76a3ed8fba4ca51e7d01d5e392be6b213cbc2ba86cef3a38376f7f2a61289d0b
odf4/mcg-operator-bundle@sha256:30828cb79cac11ba206a4528e846ff660635f4bf48207af287bd94aad6d6d67a
odf4/mcg-rhel9-operator@sha256:5bafd25be7f2d979be4caddc8e108af674f0d8fa5ae04410439e0bc673bd8fd4
odf4/ocs-client-operator-bundle@sha256:13b7e4961d0aa84c2bbe2866a6291d5fbd0934faf8852297a07c571bce28e95b
odf4/ocs-client-rhel9-operator@sha256:b912621367fc394a2a94ce0c330bf9f7cbc31c60749dbb2932a49fcd4cf76d4a
odf4/ocs-metrics-exporter-rhel9@sha256:691d9eab91e79a2222bca3a27f6bbd33c6fc0f7d67771ce0f72fb5d2faa4d4fb
odf4/ocs-operator-bundle@sha256:75fa2196b527b3abe9922d3915c01ac6536f68a2617f7e488d1f082bfebb2e02
odf4/ocs-rhel9-operator@sha256:8c4208aac4968990f910f481904686ea4f738650584108c8217cb50afd08051d
odf4/odf-console-rhel9@sha256:f819c99f775ef8eadebdcdfab63257a87418b43b9e52b3b446b7d0754d106570
odf4/odf-csi-addons-operator-bundle@sha256:c5287d8ae81bb8b42d008a4e19f2ba39fa1cb5ad11c83924839c60e96ab16c9c
odf4/odf-csi-addons-rhel9-operator@sha256:0b701208b28082ac92dd1afa475e631859e88eb4f99a5d866bcae481e57c9350
odf4/odf-csi-addons-sidecar-rhel9@sha256:cfd590d53815409d36196e55f9aa30e90cc44914fc252d591147e1cee1a5ff58
odf4/odf-multicluster-console-rhel9@sha256:fba214edf89e06073d216fe2a4daac57b6ba0f21d310876e1bacd3fdbf344475
odf4/odf-multicluster-operator-bundle@sha256:821c61e28ffb203f3092930426286e79a30b8398387d0548c4466338ae8ec9f3
odf4/odf-multicluster-rhel9-operator@sha256:d94a4c9b5047d2dd864bae3b4e3ddb09dffa07a8b9f3863f0f30129d6aec83dc
odf4/odf-must-gather-rhel9@sha256:2281c2143b079b8cff812aece421466eebe105040446b1b3891eabf9301fa777
odf4/odf-operator-bundle@sha256:f226e366ab003df97aa9407cc3082f9b696881a6539cb10022373fdc5c8bc5e0
odf4/odf-rhel9-operator@sha256:052a08e034a68befd82c500266cb2610a5161a2fc703f98e3e58d02ebf9b87d1
odf4/odr-cluster-operator-bundle@sha256:fbc361c16a257a67752a3be28c2372c69e5bfc12aca325853afa3dea36fbbcac
odf4/odr-hub-operator-bundle@sha256:d9ce5552998673226f3266e15f979e43cbbd3a6295ff1d3c662df5b5d07c5e07
odf4/odr-rhel9-operator@sha256:6fe49aae3a43e09ad0a498337c5ab068728db0d6c5e135d7d5f013685a406ae7
odf4/rook-ceph-rhel9-operator@sha256:5480e26b4258f9c76250672eb5def587d873fb78716c5a67b5d9dfcfcdaa7054
x86_64
odf4/cephcsi-rhel9@sha256:232c3178bed85fb7de98a1740b79c076a43361a95adec6ad46a2bc78d26cd806
odf4/mcg-cli-rhel9@sha256:59a966151fbb1b1dba8ed8a59818401fb606b7e0823f9b97c9d4c7646dd6b9b1
odf4/mcg-core-rhel9@sha256:a12f8054a2ca69c979abac544a6c3a934442898f11900abc4430d47d4db853b1
odf4/mcg-operator-bundle@sha256:ebf4cd9bc3076bf9286977b29a943773fa8c249afdc2bfa1b911a2c0f0e5ccf7
odf4/mcg-rhel9-operator@sha256:044b19ac05dfffc305f32f58376cd6eca1f0fa67462e093940f7d3bc60cb8a1e
odf4/ocs-client-operator-bundle@sha256:7da60a69b11eb39114afb0b7ce966a084e4c1c351fc01fe6022148fcf860d2b0
odf4/ocs-client-rhel9-operator@sha256:77de2c61dc21d35413ba5bd6038bff5ecd4ff17a31b2163959a6d296bf848f26
odf4/ocs-metrics-exporter-rhel9@sha256:7128c230c0c75ef86a97cb83d72ec64c61b67897bc6a93f3b673fd50f6558d1b
odf4/ocs-operator-bundle@sha256:393c702609ca9aa209fc65d280895b5f483923a3b2378d9fc6661ca89e93afa9
odf4/ocs-rhel9-operator@sha256:0296ee52b884b1c14b2728f7e5c6a830e60589f5d7556373b933b2b8d246df2b
odf4/odf-console-rhel9@sha256:c863f5e07c050aea29c68134e3b0ed9b44293ddc87129fb7a4d14626f2351927
odf4/odf-csi-addons-operator-bundle@sha256:11eb4cfee0a16219da8bc3f6f430aea87fc6d700bffd00ac40eb11d08e1e9bf9
odf4/odf-csi-addons-rhel9-operator@sha256:c45130a3da6e39619fc960d4dcf5ca1d88d59d5a54a52822b3625986b01c876a
odf4/odf-csi-addons-sidecar-rhel9@sha256:3b2b633a23de41f1eafc7032d21d1cb59d5000ae8f1fb2b92472c26b4ff354e3
odf4/odf-multicluster-console-rhel9@sha256:44ccb52e71c5a196e03694880090051f6e6b25f2a541773849d6c68dd4f38181
odf4/odf-multicluster-operator-bundle@sha256:8fd9a61bd5b3ea00a85fc5e7e2a6eb7a9a3615898ff26d671c2ba37078d629cd
odf4/odf-multicluster-rhel9-operator@sha256:4a013d77b54ec8f86ddeb2ca954f2581b3c7984e26d5c515e977f60aaa462e8b
odf4/odf-must-gather-rhel9@sha256:8d799c650bfb11bad2b02889279c7acea07d07a141e5aed7f4fb0c0f8fbaf868
odf4/odf-operator-bundle@sha256:31713e6c87d2a35d41c7fd2f69c8eea017ed0277b30bcaa25e2252852c1a7430
odf4/odf-rhel9-operator@sha256:e151072b2584c9e7bf4a57ca837eb6360f85ecd38ead780fd3fc85a45501f820
odf4/odr-cluster-operator-bundle@sha256:204ec7fb783b511699700fd39ed16a2cf4a43f3dbaed7fdfb1bd324ef643fb81
odf4/odr-hub-operator-bundle@sha256:dcce9bba459d2eae836660cfce2519aac371923d7ab276249dea794785814a89
odf4/odr-rhel9-operator@sha256:bbb10e55a3a33ef260be9e40672b6b72385b869c88fcba534e87a8cc6fa315d8
odf4/rook-ceph-rhel9-operator@sha256:af3abca0a5ae9e6a3b4f112fc00fc1c21d20eaa21acec5fee6dddee76908ceec
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202407-26 - A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation. Versions greater than or equal to 3.5 are affected.
Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5442-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulate...
Red Hat Security Advisory 2023-5379-01 - Network Observability 1.4.0. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulne...
Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.
Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.
Red Hat Security Advisory 2023-5252-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.
An update for dmidecode is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.
Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
Red Hat Security Advisory 2023-5175-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2023-5174-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.
Ubuntu Security Notice 6372-1 - It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
Red Hat OpenShift Service Mesh Containers for 2.4.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35942: A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration.
Red Hat OpenShift Service Mesh 2.2.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35941: A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check. * CVE-2023-35944: A flaw was found in Envoy that allows for mixed-case sche...
Red Hat Security Advisory 2023-5071-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.
Red Hat Security Advisory 2023-5061-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.
An update for libcap is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2602: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. * CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if th...
An update for dmidecode is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30630: A vulnerability was found dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.
Red Hat Security Advisory 2023-5030-01 - An update is now available for Red Hat OpenShift GitOps 1.8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...
An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...
Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.
Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.
Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...
Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.
Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...
Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.
Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.
Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...
Red Hat Security Advisory 2023-4708-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.
Red Hat Security Advisory 2023-4703-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.
Red Hat Security Advisory 2023-4707-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.
An update for subscription-manager is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() me...
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 e...
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.S...
Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-4603-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.9.
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...
Red Hat Security Advisory 2023-4524-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.
Red Hat Security Advisory 2023-4524-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.
An update for libcap is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2602: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. * CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if th...
Red Hat Security Advisory 2023-4498-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat OpenShift Virtualization release 4.12.5 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain ...
An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service. * CVE-2023-26136: A flaw was found in the tough-cookie package. Affec...
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
Red Hat OpenShift Container Platform release 4.12.21 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside ...
Red Hat Security Advisory 2023-3410-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.20.
Red Hat Security Advisory 2023-3409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.20.
Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...
Red Hat Security Advisory 2023-3366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.2. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2023-3319-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Red Hat Security Advisory 2023-3318-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler.
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.