Red Hat Security Advisory 2024-3999-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3999.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ghostscript security updateAdvisory ID:        RHSA-2024:3999-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3999Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2024-33871====================================================================Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-33871References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2283508

Red Hat Security Advisory 2024-3999-03

Red Hat Security Advisory 2024-3998-03 - An update for curl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3998.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: curl security updateAdvisory ID:        RHSA-2024:3998-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3998Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2024-2398====================================================================Summary: An update for curl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.Security Fix(es):* curl: HTTP/2 push headers memory-leak (CVE-2024-2398)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2398References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2270498

Red Hat Security Advisory 2024-3998-03

Red Hat Security Advisory 2024-3989-03 - Migration Toolkit for Applications 6.2.3 release. Issues addressed include denial of service, memory leak, and password leak vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3989.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Migration Toolkit for Applications security and bug fix update  
Advisory ID:        RHSA-2024:3989-03  
Product:            Migration Toolkit for Applications  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3989  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2023-26159  
====================================================================

Summary: 

Migration Toolkit for Applications 6.2.3 release

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

Description:

Migration Toolkit for Applications 6.2.3 Images

Security Fix(es) from Bugzilla:

* keycloak: path transversal in redirection validation (CVE-2024-1132)

* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)

* axios: exposure of confidential data stored in cookies (CVE-2023-45857)

* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)

* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)

* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)

* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)

* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)

* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)

* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)

* follow-redirects: Possible credential leak (CVE-2024-28849)

* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)

* commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (CVE-2024-29133)

* commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (CVE-2024-29131)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-26159

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2239630  
https://bugzilla.redhat.com/show_bug.cgi?id=2248979  
https://bugzilla.redhat.com/show_bug.cgi?id=2250364  
https://bugzilla.redhat.com/show_bug.cgi?id=2254559  
https://bugzilla.redhat.com/show_bug.cgi?id=2256413  
https://bugzilla.redhat.com/show_bug.cgi?id=2260840  
https://bugzilla.redhat.com/show_bug.cgi?id=2262117  
https://bugzilla.redhat.com/show_bug.cgi?id=2263139  
https://bugzilla.redhat.com/show_bug.cgi?id=2264988  
https://bugzilla.redhat.com/show_bug.cgi?id=2264989  
https://bugzilla.redhat.com/show_bug.cgi?id=2269576  
https://bugzilla.redhat.com/show_bug.cgi?id=2270673  
https://bugzilla.redhat.com/show_bug.cgi?id=2270674  
https://bugzilla.redhat.com/show_bug.cgi?id=2270863

Red Hat Security Advisory 2024-3989-03

Red Hat Security Advisory 2024-3918-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3918.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.30 packages and security update  
Advisory ID:        RHSA-2024:3918-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3918  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2023-48795  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of  Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.30. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:3881

Security Fix(es):

* ssh: Prefix truncation attack on Binary Packet Protocol (BPP)  
(CVE-2023-48795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2023-48795

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2254210

Red Hat Security Advisory 2024-3918-03

Red Hat Security Advisory 2024-3881-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3881.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.30 bug fix and security update  
Advisory ID:        RHSA-2024:3881-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3881  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2024-4369  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.30. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:3918

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* cluster-image-registry-operator: Exposes a secret via env variable in pod  
definition on Azure (CVE-2024-4369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-4369

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2278035  
https://issues.redhat.com/browse/OCPBUGS-32473  
https://issues.redhat.com/browse/OCPBUGS-34024  
https://issues.redhat.com/browse/OCPBUGS-34495  
https://issues.redhat.com/browse/OCPBUGS-34570  
https://issues.redhat.com/browse/OCPBUGS-34573  
https://issues.redhat.com/browse/OCPBUGS-34657  
https://issues.redhat.com/browse/OCPBUGS-34668  
https://issues.redhat.com/browse/OCPBUGS-34792  
https://issues.redhat.com/browse/OCPBUGS-34814  
https://issues.redhat.com/browse/OCPBUGS-34856  
https://issues.redhat.com/browse/OCPBUGS-34973  
https://issues.redhat.com/browse/OCPBUGS-35034  
https://issues.redhat.com/browse/OCPBUGS-35085  
https://issues.redhat.com/browse/OCPBUGS-35230

Red Hat Security Advisory 2024-3881-03

Red Hat Security Advisory 2024-3980-03 - An update for flatpak is now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3980.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: flatpak security updateAdvisory ID:        RHSA-2024:3980-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3980Issue date:         2024-06-18Revision:           03CVE Names:          CVE-2024-32462====================================================================Summary: An update for flatpak is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Flatpak is a system for building, distributing, and running sandboxed desktopapplications on Linux.Security Fix(es):* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32462References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2275981

Red Hat Security Advisory 2024-3980-03

Red Hat Security Advisory 2024-3979-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3979.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: flatpak security updateAdvisory ID:        RHSA-2024:3979-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3979Issue date:         2024-06-18Revision:           03CVE Names:          CVE-2024-32462====================================================================Summary: An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.Security Fix(es):* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32462References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2275981

Red Hat Security Advisory 2024-3979-03

Red Hat Security Advisory 2024-3889-03 - Red Hat OpenShift Container Platform release 4.15.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3889.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.15.18 security update  
Advisory ID:        RHSA-2024:3889-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3889  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2023-45288  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.18 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.18. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:3892

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames  
causes DoS (CVE-2023-45288)  
* go-git: Maliciously crafted Git server replies can cause DoS on go-git  
clients (CVE-2023-49568)  
* cluster-image-registry-operator: Exposes a secret via env variable in pod  
definition on Azure (CVE-2024-4369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45288

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://bugzilla.redhat.com/show_bug.cgi?id=2278035  
https://issues.redhat.com/browse/OCPBUGS-28928  
https://issues.redhat.com/browse/OCPBUGS-29361  
https://issues.redhat.com/browse/OCPBUGS-30208  
https://issues.redhat.com/browse/OCPBUGS-31461  
https://issues.redhat.com/browse/OCPBUGS-32029  
https://issues.redhat.com/browse/OCPBUGS-32092  
https://issues.redhat.com/browse/OCPBUGS-33206  
https://issues.redhat.com/browse/OCPBUGS-33526  
https://issues.redhat.com/browse/OCPBUGS-33736  
https://issues.redhat.com/browse/OCPBUGS-34423  
https://issues.redhat.com/browse/OCPBUGS-34641  
https://issues.redhat.com/browse/OCPBUGS-34732  
https://issues.redhat.com/browse/OCPBUGS-34843  
https://issues.redhat.com/browse/OCPBUGS-34868  
https://issues.redhat.com/browse/OCPBUGS-34887  
https://issues.redhat.com/browse/OCPBUGS-34997  
https://issues.redhat.com/browse/OCPBUGS-35002  
https://issues.redhat.com/browse/OCPBUGS-35010  
https://issues.redhat.com/browse/OCPBUGS-35059  
https://issues.redhat.com/browse/OCPBUGS-35074  
https://issues.redhat.com/browse/OCPBUGS-35229  
https://issues.redhat.com/browse/OCPBUGS-35255

Red Hat Security Advisory 2024-3889-03

Red Hat Security Advisory 2024-3885-03 - Red Hat OpenShift Container Platform release 4.13.44 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3885.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.44 bug fix and security update  
Advisory ID:        RHSA-2024:3885-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3885  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2022-21708  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.44 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.44. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:3887

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames  
causes DoS (CVE-2023-45288)  
* graphql-go: Denial of service via stack overflow panics (CVE-2022-21708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2022-21708

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2045014  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://issues.redhat.com/browse/OCPBUGS-24395  
https://issues.redhat.com/browse/OCPBUGS-33777  
https://issues.redhat.com/browse/OCPBUGS-33978  
https://issues.redhat.com/browse/OCPBUGS-33990  
https://issues.redhat.com/browse/OCPBUGS-34342  
https://issues.redhat.com/browse/OCPBUGS-34409  
https://issues.redhat.com/browse/OCPBUGS-34765  
https://issues.redhat.com/browse/OCPBUGS-35094  
https://issues.redhat.com/browse/OCPBUGS-35241

Red Hat Security Advisory 2024-3885-03

Red Hat Security Advisory 2024-1482-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1482.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: java-1.8.0-ibm security updateAdvisory ID:        RHSA-2024:1482-03Product:            Red Hat Enterprise Linux SupplementaryAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1482Issue date:         2024-06-19Revision:           03CVE Names:          CVE-2024-20918====================================================================Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.This update upgrades IBM Java SE 8 to version 8 SR8-FP15.Security Fix(es):For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20918References:https://access.redhat.com/security/updates/classification/#moderate

Tag

#red_hat