Debian Linux Security Advisory 5700-1 - An SQL injection was discovered in pymysql, a pure Python MySQL driver.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5700-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 29, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-pymysqlCVE ID         : CVE-2024-36039An SQL injection was discovered in pymysql, a pure Python MySQL driver.For the oldstable distribution (bullseye), this problem has been fixedin version 0.9.3-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.0.2-2+deb12u1.We recommend that you upgrade your python-pymysql packages.For the detailed security status of python-pymysql please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-pymysqlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZXZeAACgkQEMKTtsN8TjY9cRAAkMErPcbiz3MnN7NmUuqkG/NmbuUM9smN4WZp8sF6kCsCm9G8M/dSioS+IpZMFUv1DDELh2HtxWjvA+fqMTddY3CxINKmJEiMKPd8I02CjJsq1gArH8VVAaxNFQRyU69RA1hecMcQvR1lEssciddFfkzpe6E1SXK/Mp2JMNWmtpRJNUZ9khhIf4PrthpForQN8EzQs8gJRQ/2rN48TgcAA/bGyS+W5PGJbb+1RjW5H4eaNo1HHgZNwJNcTjkylG9MV7nzC5ThCPb7ycrIadYPV/IAYqnh5qUHQnDDROFvWE1MDdn9cPxGYoDmFk+/Sgxe9HXRE+Dr8/h0vb0tBBSqN6nBG/OBHKT3eKsDJVPt8TWkBuagsCvNFY3a7Unu9NQC6NavUanspOacnY1W65BYHUq/5e/U0cLyZgJcPzaJSKeZHVsHLHLStqbKUCWVBpDxX+5eVd8v3hxGq32H3e71MKqoLV5FzWUzf77qe8SxhWJ+7YSUdYVpVjZXtronaUvPKTub8p2d32dAZOSQYTbeehQpb1pIoVBWNxAOi12xTz8y7qta/DspjF4Tj3ks+9EiKtS7Bzf+jEQmYEI04RxRn/wdHRFhYjwaGsvhlaH221Y/w53fczJ5bj2zQODBJShGhuNmwpz9Jr7fvI+gZE3smVkMLWaJPl2BhtF2kAFB62s==sLat-----END PGP SIGNATURE-----

Debian Security Advisory 5700-1

Red Hat Security Advisory 2024-3486-03 - An update for gdisk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3486.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gdisk security updateAdvisory ID:        RHSA-2024:3486-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3486Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2020-0256====================================================================Summary: An update for gdisk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:The gdisk packages provide the gdisk partitioning utility for GUID PartitionTable (GPT) disks. The utility features a command-line interface similar tofdisk, direct manipulation of partition table structures, recovery tools to dealwith corrupt partition tables, and the ability to convert Master Boot Record(MBR) disks to the GPT format.Security Fix(es):* gdisk: possible out-of-bounds-write in LoadPartitionTable of gpt.cc(CVE-2020-0256)* gdisk: possible out-of-bounds-write in ReadLogicalParts of basicmbr.cc(CVE-2021-0308)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-0256References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2051939https://bugzilla.redhat.com/show_bug.cgi?id=2051943

Red Hat Security Advisory 2024-3486-03

Red Hat Security Advisory 2024-3483-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3483.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Ansible Automation Platform 2.4 Container Security and Bug Fix UpdateAdvisory ID:        RHSA-2024:3483-03Product:            Red Hat Ansible Automation PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3483Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2023-29483====================================================================Summary: An update is now available for Red Hat Ansible Automation Platform 2.4Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.Security Fix(es):* ee-supported: dnspython: denial of service in stub resolver (CVE-2023-29483)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Other fixes and updates:* Hub backup secret is not successfully included in operator backups (AAP-23602)* Fixes support for automation hub content signing (AAP-9739)Solution:CVEs:CVE-2023-29483References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2274520

Red Hat Security Advisory 2024-3483-03

Red Hat Security Advisory 2024-3479-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 for RHEL 8.4. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3479.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenStack Platform 16.2 director Operator container images security update  
Advisory ID:        RHSA-2024:3479-03  
Product:            Red Hat OpenStack Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3479  
Issue date:         2024-05-30  
Revision:           03  
CVE Names:          CVE-2023-37788  
====================================================================

Summary: 

Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 (Train) for RHEL 8.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.

The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a RHOSP cloud within OpenShift Container Platform (OCP).

Security Fix(es):

* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption  
via HTTP requests (CVE-2023-39326)

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

* golang: x/crypto/ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

* goproxy: Denial of service (DoS) via unspecified vectors (CVE-2023-37788)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

Solution:

CVEs:

CVE-2023-37788

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2224245  
https://bugzilla.redhat.com/show_bug.cgi?id=2253330  
https://bugzilla.redhat.com/show_bug.cgi?id=2254210  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273

Red Hat Security Advisory 2024-3479-03

Red Hat Security Advisory 2024-3475-03 - An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3475.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Errata Advisory for Red Hat OpenShift GitOps v1.11.5 security updateAdvisory ID:        RHSA-2024:3475-03Product:            Red Hat OpenShift GitOpsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3475Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2024-31989====================================================================Summary: An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Errata Advisory for Red Hat OpenShift GitOps v1.11.5Security Fix(es):* CVE-2024-31989 argocd: An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379.For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-31989References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280218

Red Hat Security Advisory 2024-3475-03

Red Hat Security Advisory 2024-3473-03 - Red Hat OpenShift Virtualization release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3473.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: OpenShift Virtualization 4.14.6 Images security updateAdvisory ID:        RHSA-2024:3473-03Product:            OpenShift VirtualizationAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3473Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2023-45857====================================================================Summary: Red Hat OpenShift Virtualization release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.Description:OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains OpenShift Virtualization 4.14.6 images.Security Fix(es):* axios: exposure of confidential data stored in cookies (CVE-2023-45857)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45857References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/security/cve/CVE-2023-45857https://bugzilla.redhat.com/show_bug.cgi?id=2248979https://issues.redhat.com/browse/CNV-36026https://issues.redhat.com/browse/CNV-39569

Red Hat Security Advisory 2024-3473-03

Red Hat Security Advisory 2024-3472-03 - An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3472.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-nodejs14 security updateAdvisory ID:        RHSA-2024:3472-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3472Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2024-27983====================================================================Summary: An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es):* rh-nodejs14-nodejs: CONTINUATION frames DoS (CVE-2024-27983)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27983References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2272764

Red Hat Security Advisory 2024-3472-03

Red Hat Security Advisory 2024-3467-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.1 on Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3467.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenStack Platform 16.1 (etcd) security update  
Advisory ID:        RHSA-2024:3467-03  
Product:            Red Hat OpenStack Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3467  
Issue date:         2024-05-30  
Revision:           03  
CVE Names:          CVE-2023-39318  
====================================================================

Summary: 

An update for etcd is now available for Red Hat OpenStack Platform 16.1  
(Train) on Red Hat Enterprise Linux (RHEL) 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

Description:

A highly-available key value store for shared configuration

Security Fix(es):

* Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform  
(CVE-2024-4438)

* Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437)

* Incomplete fix for CVE-2022-41723 in OpenStack Platform (CVE-2024-4436)

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39318

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2237773  
https://bugzilla.redhat.com/show_bug.cgi?id=2237776  
https://bugzilla.redhat.com/show_bug.cgi?id=2237777  
https://bugzilla.redhat.com/show_bug.cgi?id=2237778  
https://bugzilla.redhat.com/show_bug.cgi?id=2253330  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://bugzilla.redhat.com/show_bug.cgi?id=2279357  
https://bugzilla.redhat.com/show_bug.cgi?id=2279361  
https://bugzilla.redhat.com/show_bug.cgi?id=2279365

Red Hat Security Advisory 2024-3467-03

Red Hat Security Advisory 2024-3466-03 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3466.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python39:3.9 and python39-devel:3.9 security updateAdvisory ID:        RHSA-2024:3466-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3466Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2023-6597====================================================================Summary: An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)* python39:3.9/python39: python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)* python39:3.9/python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2274779https://bugzilla.redhat.com/show_bug.cgi?id=2276518https://bugzilla.redhat.com/show_bug.cgi?id=2276525

Red Hat Security Advisory 2024-3466-03

Red Hat Security Advisory 2024-3351-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3351.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.12.58 security update  
Advisory ID:        RHSA-2024:3351-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3351  
Issue date:         2024-05-30  
Revision:           03  
CVE Names:          CVE-2024-28180  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.58. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:3349

Security Fix(es):

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2024-28180

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854

Tag

#js