Red Hat Security Advisory 2024-0752-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0752.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:0752-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0752Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2024-21626====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (CVE-2024-21626)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21626References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2258725

Red Hat Security Advisory 2024-0752-03

Red Hat Security Advisory 2024-0751-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0751.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0751-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0751Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0751-03

Red Hat Security Advisory 2024-0750-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0750.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0750-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0750Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0750-03

Red Hat Security Advisory 2024-0749-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0749.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: unbound security updateAdvisory ID:        RHSA-2024:0749-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0749Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2019-25033====================================================================Summary: An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.Security Fix(es):* unbound: integer overflow in the regional allocator via the ALIGN_UP macro (CVE-2019-25033)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2019-25033References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1954775

Red Hat Security Advisory 2024-0749-03

Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0748.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:4.0 security updateAdvisory ID:        RHSA-2024:0748-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0748Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (\"Leaky Vessels\") (CVE-2024-21626)A Red Hat Security Bulletin which addresses further details about the Leaky Vessels flaw is available in the References section.* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)* golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2253193https://bugzilla.redhat.com/show_bug.cgi?id=2253330https://bugzilla.redhat.com/show_bug.cgi?id=2258725https://issues.redhat.com/browse/RHEL-15029https://issues.redhat.com/browse/RHEL-17145

Red Hat Security Advisory 2024-0748-03

Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0746.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: new container image: rhceph-5.3  
Advisory ID:        RHSA-2024:0746-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0746  
Issue date:         2024-02-09  
Revision:           03  
CVE Names:          CVE-2022-23498  
====================================================================

Summary: 

Updated container image for Red Hat Ceph Storage 5.3 is now available in  
the Red Hat Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform  
that combines the most stable version of the Ceph storage system with a  
Ceph management platform, deployment utilities, and support services.

This updated container image is based on Red Hat Ceph Storage 5.3 and Red  
Hat Enterprise Linux.

Space precludes documenting all of these changes in this advisory. Users  
are directed to the Red Hat Ceph Storage Release Notes for information on  
the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from  
the Red Hat Ecosystem catalog.

Security Fix(es):

* grafana: Use of Cache Containing Sensitive Information (CVE-2022-23498)

* grafana: cross site scripting (CVE-2023-0507)

* grafana: cross site scripting (CVE-2023-0594)

* haproxy: request smuggling attack in HTTP/1 header parsing (CVE-2023-25725)

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

* haproxy: segfault DoS (CVE-2023-0056)

* grafana: JWT token leak to data source (CVE-2023-1387)

* grafana: stored XSS vulnerability affecting the core plugin \"Text\" (CVE-2023-22462)

* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5/html-single/upgrade_guide/index

https://access.redhat.com/articles/2789521

https://access.redhat.com/articles/1548993

CVEs:

CVE-2022-23498

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2160808  
https://bugzilla.redhat.com/show_bug.cgi?id=2161274  
https://bugzilla.redhat.com/show_bug.cgi?id=2164936  
https://bugzilla.redhat.com/show_bug.cgi?id=2167266  
https://bugzilla.redhat.com/show_bug.cgi?id=2168037  
https://bugzilla.redhat.com/show_bug.cgi?id=2168038  
https://bugzilla.redhat.com/show_bug.cgi?id=2169089  
https://bugzilla.redhat.com/show_bug.cgi?id=2184481  
https://bugzilla.redhat.com/show_bug.cgi?id=2186322  
https://bugzilla.redhat.com/show_bug.cgi?id=2256938

Red Hat Security Advisory 2024-0746-03

Red Hat Security Advisory 2024-0745-03 - An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat Ecosystem Catalog.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0745.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Ceph Storage 5.3 Security update  
Advisory ID:        RHSA-2024:0745-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0745  
Issue date:         2024-02-09  
Revision:           03  
CVE Names:          CVE-2023-43040  
====================================================================

Summary: 

An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat  
Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform  
that combines the most stable version of the Ceph storage system with a  
Ceph management platform, deployment utilities, and support services.

These updated packages include numerous bug fixes. Space precludes  
documenting all of these changes in this advisory. Users are directed to  
the Red Hat Ceph Storage Release Notes for information on the most  
significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to update to these packages  
that provide various bug fixes.

Security Fix(es):

* rgw: improperly verified POST keys (CVE-2023-43040)

* ceph: RGW crash upon misconfigured CORS rule (CVE-2023-46159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5/html-single/upgrade_guide/index#upgrade-a-red-hat-ceph-storage-cluster-using-cephadm

https://access.redhat.com/articles/1548993

CVEs:

CVE-2023-43040

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2153448  
https://bugzilla.redhat.com/show_bug.cgi?id=2193419  
https://bugzilla.redhat.com/show_bug.cgi?id=2211758  
https://bugzilla.redhat.com/show_bug.cgi?id=2215374  
https://bugzilla.redhat.com/show_bug.cgi?id=2215380  
https://bugzilla.redhat.com/show_bug.cgi?id=2216855  
https://bugzilla.redhat.com/show_bug.cgi?id=2216857  
https://bugzilla.redhat.com/show_bug.cgi?id=2224636  
https://bugzilla.redhat.com/show_bug.cgi?id=2227806  
https://bugzilla.redhat.com/show_bug.cgi?id=2227810  
https://bugzilla.redhat.com/show_bug.cgi?id=2227997  
https://bugzilla.redhat.com/show_bug.cgi?id=2228001  
https://bugzilla.redhat.com/show_bug.cgi?id=2228039  
https://bugzilla.redhat.com/show_bug.cgi?id=2231469  
https://bugzilla.redhat.com/show_bug.cgi?id=2232164  
https://bugzilla.redhat.com/show_bug.cgi?id=2233444  
https://bugzilla.redhat.com/show_bug.cgi?id=2233886  
https://bugzilla.redhat.com/show_bug.cgi?id=2234610  
https://bugzilla.redhat.com/show_bug.cgi?id=2236190  
https://bugzilla.redhat.com/show_bug.cgi?id=2237391  
https://bugzilla.redhat.com/show_bug.cgi?id=2237880  
https://bugzilla.redhat.com/show_bug.cgi?id=2238665  
https://bugzilla.redhat.com/show_bug.cgi?id=2239149  
https://bugzilla.redhat.com/show_bug.cgi?id=2239433  
https://bugzilla.redhat.com/show_bug.cgi?id=2239455  
https://bugzilla.redhat.com/show_bug.cgi?id=2240089  
https://bugzilla.redhat.com/show_bug.cgi?id=2240144  
https://bugzilla.redhat.com/show_bug.cgi?id=2240586  
https://bugzilla.redhat.com/show_bug.cgi?id=2240727  
https://bugzilla.redhat.com/show_bug.cgi?id=2240839  
https://bugzilla.redhat.com/show_bug.cgi?id=2240977  
https://bugzilla.redhat.com/show_bug.cgi?id=2244868  
https://bugzilla.redhat.com/show_bug.cgi?id=2245335  
https://bugzilla.redhat.com/show_bug.cgi?id=2245699  
https://bugzilla.redhat.com/show_bug.cgi?id=2247232  
https://bugzilla.redhat.com/show_bug.cgi?id=2248825  
https://bugzilla.redhat.com/show_bug.cgi?id=2249014  
https://bugzilla.redhat.com/show_bug.cgi?id=2249017  
https://bugzilla.redhat.com/show_bug.cgi?id=2249565  
https://bugzilla.redhat.com/show_bug.cgi?id=2249571  
https://bugzilla.redhat.com/show_bug.cgi?id=2251768  
https://bugzilla.redhat.com/show_bug.cgi?id=2252781  
https://bugzilla.redhat.com/show_bug.cgi?id=2253672  
https://bugzilla.redhat.com/show_bug.cgi?id=2255035  
https://bugzilla.redhat.com/show_bug.cgi?id=2255436  
https://bugzilla.redhat.com/show_bug.cgi?id=2256172  
https://bugzilla.redhat.com/show_bug.cgi?id=2257421  
https://bugzilla.redhat.com/show_bug.cgi?id=2259297

Red Hat Security Advisory 2024-0745-03

Red Hat Security Advisory 2024-0728-03 - Logging Subsystem 5.8.3 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0728.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Logging Subsystem 5.8.3 - Red Hat OpenShiftAdvisory ID:        RHSA-2024:0728-03Product:            Logging Subsystem for Red Hat OpenShiftAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0728Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: Logging Subsystem 5.8.3 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Logging Subsystem 5.8.3 - Red Hat OpenShiftSecurity Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253330https://issues.redhat.com/browse/LOG-4822https://issues.redhat.com/browse/LOG-4893https://issues.redhat.com/browse/LOG-4962https://issues.redhat.com/browse/LOG-4963https://issues.redhat.com/browse/LOG-4969https://issues.redhat.com/browse/OU-319https://issues.redhat.com/browse/OU-320

Red Hat Security Advisory 2024-0728-03

We are pleased to announce the provisioning of Red Hat OpenShift Dedicated clusters on Google Cloud Shielded VMs is now generally available. This blog gives a short overview of Shielded VMs and the new configuration parameter introduced in the OpenShift Dedicated provisioning workflow.Shielded VMs are specialized VMs on Google Cloud with extra security features such as secure boot, firmware and integrity monitoring and rootkit protection. This protects enterprise workloads from threats like remote attacks, privilege escalation, and malicious insiders.Red Hat customers can optionally select Ena

We are pleased to announce the provisioning of Red Hat OpenShift Dedicated clusters on Google Cloud Shielded VMs is now generally available. This blog gives a short overview of Shielded VMs and the new configuration parameter introduced in the OpenShift Dedicated provisioning workflow.

Shielded VMs are specialized VMs on Google Cloud with extra security features such as secure boot, firmware and integrity monitoring and rootkit protection. This protects enterprise workloads from threats like remote attacks, privilege escalation, and malicious insiders.

Red Hat customers can optionally select Enable Secure Boot for Shielded VMs to use Shielded VMs when installing OpenShift Dedicated clusters via the OpenShift Cluster Manager Hybrid Cloud Console. This feature is available in OpenShift Dedicated version 4.13.0 or higher.

Since **Secure Boot support for Shielded VMs** is an install time setting, existing OpenShift Dedicated clusters deployed on Google Cloud cannot be edited to support Shielded VMs. One must create new clusters to enable use of Shielded VMs.

For more details, refer to the prerequisites and steps to create an OpenShift Dedicated cluster on Google Cloud Platform.

_Shielded VM setting in the OpenShift Dedicated cluster creation wizard_

With support for this feature, OpenShift Dedicated users can set constraints/compute.requireShieldedVm Google Cloud organization policy constraint to True to be sure all Google Cloud Compute Engine VM instances created within the Google Cloud organization are Shielded VMs. 

There is no additional cost for provisioning OpenShift Dedicated clusters on Google Cloud with Shielded VM support. Also, use of Shielded VM does not incur additional infrastructure costs on top of the Google Cloud Compute Engine pricing. For more details, refer Google Cloud Shielded VM pricing.

**Try OpenShift Dedicated from the Google Cloud Marketplace**

OpenShift Dedicated purchased from the Google Cloud Marketplace is an easy and self-service way to try OpenShift Dedicated with a flexible pay-as-you-go consumption model. You can also retire a portion of your Google Cloud committed spend when purchasing OpenShift Dedicated.

Red Hat OpenShift Dedicated is a fully managed application platform that helps you more quickly build, deploy, and scale applications, rather than having to deal with the underlying infrastructure. Get started with OpenShift Dedicated on Google Cloud today.

**Additional resources on this topic**

*   Shielded VMs in Google Cloud
*   OpenShift Dedicated on Google Cloud Marketplace listing
*   Steps to Create a cluster on Google Cloud Platform in OpenShift Dedicated documentation
*   Cloud deployment options in OpenShift Dedicated documentation
*   Google Cloud organization policy constraints

Deploying Red Hat OpenShift Dedicated clusters on Shielded Virtual Machines

Red Hat Security Advisory 2024-0733-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include an information leakage vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0733.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update  
Advisory ID:        RHSA-2024:0733-03  
Product:            Red Hat Ansible Automation Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0733  
Issue date:         2024-02-07  
Revision:           03  
CVE Names:          CVE-2023-43804  
====================================================================

Summary: 

An update is now available for Red Hat Ansible Automation Platform 2.4

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (CVE-2024-0690)

* automation-controller: urllib3: Cookie request header isn't stripped during cross-origin (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Updates and fixes for automation controller:  
* Fixed jobs stuck in pending state after connection to database recover (AAP-19618)  
* Added secure flag option for userLoggedIn cookie if 'SESSION_COOKIE_SECURE' is set to 'True' (AAP-19602)  
* Fixed 'twilio_backend.py' to send SMS to multiple destinations (AAP-19284)  
* Fixed rsyslogd from unexpectedly stop sending events to Splunk HTTP Collector and recover rsyslog from 4xx errors (AAP-19069)  
* Fixed a TypeError in the  Logging Settings Edit form of the automation controller user interface to no longer render the form inputs inaccessible (AAP-18960)  
* Fixed Delinea (previously: Thycotic) DevOps Secrets Vault credential plugin to work with python-dsv-sdk>=1.0.4 (AAP-18701)  
* Updated schedule Prompt on launch fields to persist while editing (AAP-13859)  
* automation-controller has been updated to 4.5.1

Note: The 2.4-5 installer/setup should be used to update automation controller to 4.5.1

Updates and fixes for ansible-core:  
* ansible-core has been updated to 2.15.9

Updates and fixes for installer, setup and setup bundle:  
* Fixed the version check when pinning EDA to an older version (AAP-19399)  
* Fixed rsyslogd from unexpectedly stop sending events to Splunk HTTP Collector and recover rsyslog from 4xx errors (AAP-19069)  
* Automation Hub now uses system crypto-policies in nginx (AAP-18974)  
* installer, setup and setup bundle have been updated to 2.4-5

Additionally, setup bundle 2.4-5 includes the updates released in the following advisories:

RHSA-2024:0322  
* python3-dynaconf/python39-dynaconf 3.1.12-2  
* python3-gitpython/python39-gitpython 3.1.40  
* python3-twisted/python39-twisted 23.10.0

RHBA-2023:7863  
* container images

Solution:

CVEs:

CVE-2023-43804

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/errata/RHSA-2024:0322  
https://access.redhat.com/errata/RHBA-2023:7863  
https://bugzilla.redhat.com/show_bug.cgi?id=2242493  
https://bugzilla.redhat.com/show_bug.cgi?id=2259013

Tag

#red_hat