Red Hat Security Advisory 2023-7522-01 - Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7522.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Virtualization 4.13.6 security and bug fix update  
Advisory ID:        RHSA-2023:7522-01  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7522  
Issue date:         2023-11-28  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.13.6 images.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Virtual machine export is not working on Quota defined namespace (BZ#2236422)

* [4.13] Host assisted clone hangs because some provisioners don't allow mounting block PVC read only (BZ#2247666)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2236422  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2247666  
https://issues.redhat.com/browse/CNV-34788

Red Hat Security Advisory 2023-7522-01

Red Hat Security Advisory 2023-7521-01 - Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7521.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Virtualization 4.13.6 RPMs security and bug fix update  
Advisory ID:        RHSA-2023:7521-01  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7521  
Issue date:         2023-11-28  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.13.6 RPMs.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* 4.13.6 rpms (BZ#2251683)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2251683

Red Hat Security Advisory 2023-7521-01

Red Hat Security Advisory 2023-7481-01 - Red Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7481.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.11.54 packages and security update  
Advisory ID:        RHSA-2023:7481-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7481  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-44487  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.54. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:7479

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS  
attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

CVEs:

CVE-2023-44487

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803

Red Hat Security Advisory 2023-7481-01

Red Hat Security Advisory 2023-7479-01 - Red Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7479.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.11.54 bug fix and security update  
Advisory ID:        RHSA-2023:7479-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7479  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-5408  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.54. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2023:7481

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

* OpenShift: modification of node role labels (CVE-2023-5408)  
* golang: net/http, x/net/http2: rapid stream resets can cause excessive  
work (CVE-2023-44487) (CVE-2023-39325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-5408

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2242173  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-18172  
https://issues.redhat.com/browse/OCPBUGS-19297  
https://issues.redhat.com/browse/OCPBUGS-19930  
https://issues.redhat.com/browse/OCPBUGS-22763  
https://issues.redhat.com/browse/OCPBUGS-22785  
https://issues.redhat.com/browse/OCPBUGS-23041  
https://issues.redhat.com/browse/OCPBUGS-23123  
https://issues.redhat.com/browse/OCPBUGS-23478

Red Hat Security Advisory 2023-7479-01

Red Hat Security Advisory 2023-7478-01 - Red Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7478.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.11.54 security and extras update  
Advisory ID:        RHSA-2023:7478-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7478  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.54. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:7479

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive  
work (CVE-2023-44487) (CVE-2023-39325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296

Red Hat Security Advisory 2023-7478-01

Red Hat Security Advisory 2023-7517-01 - An update is now available for Red Hat Ansible Automation Platform 2.4.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7517.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix UpdateAdvisory ID:        RHSA-2023:7517-01Product:            Red Hat Ansible Automation PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7517Issue date:         2023-11-27Revision:           01CVE Names:          CVE-2023-39321====================================================================Summary: An update is now available for Red Hat Ansible Automation Platform 2.4Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.Security Fix(es):* receptor: golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)* receptor: golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322 )For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional changes for receptor:* Always clean up timed out connections (AAP-16951)* receptor has been updated to 1.4.3Solution:CVEs:CVE-2023-39321References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2237777https://bugzilla.redhat.com/show_bug.cgi?id=2237778

Red Hat Security Advisory 2023-7517-01

Red Hat Security Advisory 2023-7515-01 - The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7515.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift for Windows Containers 9.0.0 security update  
Advisory ID:        RHSA-2023:7515-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7515  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-3676  
====================================================================

Summary: 

The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server nodes.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

* kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation (CVE-2023-3676) (CVE-2023-3955)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-3676

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2227126  
https://bugzilla.redhat.com/show_bug.cgi?id=2227128  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-10222  
https://issues.redhat.com/browse/OCPBUGS-10437  
https://issues.redhat.com/browse/OCPBUGS-10572  
https://issues.redhat.com/browse/OCPBUGS-11259  
https://issues.redhat.com/browse/OCPBUGS-11306  
https://issues.redhat.com/browse/OCPBUGS-12971  
https://issues.redhat.com/browse/OCPBUGS-13244  
https://issues.redhat.com/browse/OCPBUGS-13780  
https://issues.redhat.com/browse/OCPBUGS-14700  
https://issues.redhat.com/browse/OCPBUGS-15461  
https://issues.redhat.com/browse/OCPBUGS-19040  
https://issues.redhat.com/browse/OCPBUGS-19949  
https://issues.redhat.com/browse/OCPBUGS-20054  
https://issues.redhat.com/browse/OCPBUGS-20067  
https://issues.redhat.com/browse/OCPBUGS-20191  
https://issues.redhat.com/browse/OCPBUGS-20664  
https://issues.redhat.com/browse/OCPBUGS-22328  
https://issues.redhat.com/browse/OCPBUGS-22711  
https://issues.redhat.com/browse/WINC-1001  
https://issues.redhat.com/browse/WINC-1003  
https://issues.redhat.com/browse/WINC-1004  
https://issues.redhat.com/browse/WINC-1010  
https://issues.redhat.com/browse/WINC-1023  
https://issues.redhat.com/browse/WINC-1025  
https://issues.redhat.com/browse/WINC-1033  
https://issues.redhat.com/browse/WINC-1035  
https://issues.redhat.com/browse/WINC-1037  
https://issues.redhat.com/browse/WINC-1040  
https://issues.redhat.com/browse/WINC-1043  
https://issues.redhat.com/browse/WINC-1090  
https://issues.redhat.com/browse/WINC-1092  
https://issues.redhat.com/browse/WINC-1098  
https://issues.redhat.com/browse/WINC-561  
https://issues.redhat.com/browse/WINC-633  
https://issues.redhat.com/browse/WINC-635  
https://issues.redhat.com/browse/WINC-637  
https://issues.redhat.com/browse/WINC-688  
https://issues.redhat.com/browse/WINC-805  
https://issues.redhat.com/browse/WINC-860  
https://issues.redhat.com/browse/WINC-861  
https://issues.redhat.com/browse/WINC-863  
https://issues.redhat.com/browse/WINC-945  
https://issues.redhat.com/browse/WINC-948  
https://issues.redhat.com/browse/WINC-950  
https://issues.redhat.com/browse/WINC-952  
https://issues.redhat.com/browse/WINC-959  
https://issues.redhat.com/browse/WINC-998  
https://issues.redhat.com/browse/WINC-999

Red Hat Security Advisory 2023-7515-01

Red Hat Security Advisory 2023-7513-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Issues addressed include an information leakage vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7513.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: linux-firmware security updateAdvisory ID:        RHSA-2023:7513-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7513Issue date:         2023-11-27Revision:           01CVE Names:          CVE-2023-20569====================================================================Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The linux-firmware packages contain all of the firmware files that are required by various devices to operate.Security Fix(es):* hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)* hw: amd: Cross-Process Information Leak (CVE-2023-20593)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-20569References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2207625https://bugzilla.redhat.com/show_bug.cgi?id=2217845

Red Hat Security Advisory 2023-7513-01

Red Hat Security Advisory 2023-7512-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7512.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7512-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7512  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7512-01

Red Hat Security Advisory 2023-7511-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7511.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7511-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7511  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Tag

#red_hat