Red Hat Security Advisory 2024-4591-03
2024-7-18 01:21:57 Author: packetstormsecurity.com

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4591.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Data Foundation 4.16.0 security, enhancement & bug fix update
Advisory ID: RHSA-2024:4591-03
Product: Red Hat OpenShift Data Foundation
Advisory URL: https://access.redhat.com/errata/RHSA-2024:4591
Issue date: 2024-07-17
Revision: 03
CVE Names: CVE-2023-43646
====================================================================

Summary:

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* get-func-name: ReDoS in chai module (CVE-2023-43646)

* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics (CVE-2023-47108)

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)

* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

* jose: resource exhaustion (CVE-2024-28176)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

* submariner-operator: RBAC permissions can allow for the spread of node compromises (CVE-2024-5042)

* nodejs-ws: denial of service when handling a request with many HTTP headers (CVE-2024-37890)

* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/4.16_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-43646

References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/cve/CVE-2023-43646
https://access.redhat.com/security/cve/CVE-2023-47108
https://access.redhat.com/security/cve/CVE-2024-1394
https://access.redhat.com/security/cve/CVE-2024-5042
https://access.redhat.com/security/cve/CVE-2024-24783
https://access.redhat.com/security/cve/CVE-2024-24785
https://access.redhat.com/security/cve/CVE-2024-24786
https://access.redhat.com/security/cve/CVE-2024-28176
https://access.redhat.com/security/cve/CVE-2024-28863
https://access.redhat.com/security/cve/CVE-2024-28180
https://access.redhat.com/security/cve/CVE-2024-37890
https://bugzilla.redhat.com/show_bug.cgi?id=2069759
https://bugzilla.redhat.com/show_bug.cgi?id=2078270
https://bugzilla.redhat.com/show_bug.cgi?id=2128142
https://bugzilla.redhat.com/show_bug.cgi?id=2132724
https://bugzilla.redhat.com/show_bug.cgi?id=2136413
https://bugzilla.redhat.com/show_bug.cgi?id=2139835
https://bugzilla.redhat.com/show_bug.cgi?id=2210040
https://bugzilla.redhat.com/show_bug.cgi?id=2214499
https://bugzilla.redhat.com/show_bug.cgi?id=2214948
https://bugzilla.redhat.com/show_bug.cgi?id=2215910
https://bugzilla.redhat.com/show_bug.cgi?id=2216213
https://bugzilla.redhat.com/show_bug.cgi?id=2216803
https://bugzilla.redhat.com/show_bug.cgi?id=2222146
https://bugzilla.redhat.com/show_bug.cgi?id=2231360
https://bugzilla.redhat.com/show_bug.cgi?id=2238308
https://bugzilla.redhat.com/show_bug.cgi?id=2239587
https://bugzilla.redhat.com/show_bug.cgi?id=2240951
https://bugzilla.redhat.com/show_bug.cgi?id=2241149
https://bugzilla.redhat.com/show_bug.cgi?id=2242832
https://bugzilla.redhat.com/show_bug.cgi?id=2243244
https://bugzilla.redhat.com/show_bug.cgi?id=2244353
https://bugzilla.redhat.com/show_bug.cgi?id=2246186
https://bugzilla.redhat.com/show_bug.cgi?id=2246364
https://bugzilla.redhat.com/show_bug.cgi?id=2246834
https://bugzilla.redhat.com/show_bug.cgi?id=2251022
https://bugzilla.redhat.com/show_bug.cgi?id=2251198
https://bugzilla.redhat.com/show_bug.cgi?id=2251308
https://bugzilla.redhat.com/show_bug.cgi?id=2252318
https://bugzilla.redhat.com/show_bug.cgi?id=2253043
https://bugzilla.redhat.com/show_bug.cgi?id=2253076
https://bugzilla.redhat.com/show_bug.cgi?id=2255998
https://bugzilla.redhat.com/show_bug.cgi?id=2256563
https://bugzilla.redhat.com/show_bug.cgi?id=2256899
https://bugzilla.redhat.com/show_bug.cgi?id=2257259
https://bugzilla.redhat.com/show_bug.cgi?id=2257949
https://bugzilla.redhat.com/show_bug.cgi?id=2258801
https://bugzilla.redhat.com/show_bug.cgi?id=2258861
https://bugzilla.redhat.com/show_bug.cgi?id=2258950
https://bugzilla.redhat.com/show_bug.cgi?id=2259195
https://bugzilla.redhat.com/show_bug.cgi?id=2259209
https://bugzilla.redhat.com/show_bug.cgi?id=2259616
https://bugzilla.redhat.com/show_bug.cgi?id=2259847
https://bugzilla.redhat.com/show_bug.cgi?id=2260325
https://bugzilla.redhat.com/show_bug.cgi?id=2260550
https://bugzilla.redhat.com/show_bug.cgi?id=2260757
https://bugzilla.redhat.com/show_bug.cgi?id=2261938
https://bugzilla.redhat.com/show_bug.cgi?id=2262134
https://bugzilla.redhat.com/show_bug.cgi?id=2262455
https://bugzilla.redhat.com/show_bug.cgi?id=2262461
https://bugzilla.redhat.com/show_bug.cgi?id=2262921
https://bugzilla.redhat.com/show_bug.cgi?id=2262943
https://bugzilla.redhat.com/show_bug.cgi?id=2262992
https://bugzilla.redhat.com/show_bug.cgi?id=2262997
https://bugzilla.redhat.com/show_bug.cgi?id=2263148
https://bugzilla.redhat.com/show_bug.cgi?id=2263468
https://bugzilla.redhat.com/show_bug.cgi?id=2263488
https://bugzilla.redhat.com/show_bug.cgi?id=2263818
https://bugzilla.redhat.com/show_bug.cgi?id=2264435
https://bugzilla.redhat.com/show_bug.cgi?id=2264480
https://bugzilla.redhat.com/show_bug.cgi?id=2264767
https://bugzilla.redhat.com/show_bug.cgi?id=2264900
https://bugzilla.redhat.com/show_bug.cgi?id=2265340
https://bugzilla.redhat.com/show_bug.cgi?id=2265492
https://bugzilla.redhat.com/show_bug.cgi?id=2265562
https://bugzilla.redhat.com/show_bug.cgi?id=2266316
https://bugzilla.redhat.com/show_bug.cgi?id=2266562
https://bugzilla.redhat.com/show_bug.cgi?id=2266621
https://bugzilla.redhat.com/show_bug.cgi?id=2266629
https://bugzilla.redhat.com/show_bug.cgi?id=2266845
https://bugzilla.redhat.com/show_bug.cgi?id=2266930
https://bugzilla.redhat.com/show_bug.cgi?id=2267067
https://bugzilla.redhat.com/show_bug.cgi?id=2267610
https://bugzilla.redhat.com/show_bug.cgi?id=2267907
https://bugzilla.redhat.com/show_bug.cgi?id=2267965
https://bugzilla.redhat.com/show_bug.cgi?id=2268019
https://bugzilla.redhat.com/show_bug.cgi?id=2268022
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://bugzilla.redhat.com/show_bug.cgi?id=2268820
https://bugzilla.redhat.com/show_bug.cgi?id=2268854
https://bugzilla.redhat.com/show_bug.cgi?id=2268939
https://bugzilla.redhat.com/show_bug.cgi?id=2269319
https://bugzilla.redhat.com/show_bug.cgi?id=2269354
https://bugzilla.redhat.com/show_bug.cgi?id=2270064
https://bugzilla.redhat.com/show_bug.cgi?id=2270446
https://bugzilla.redhat.com/show_bug.cgi?id=2271593
https://bugzilla.redhat.com/show_bug.cgi?id=2271804
https://bugzilla.redhat.com/show_bug.cgi?id=2271921
https://bugzilla.redhat.com/show_bug.cgi?id=2272386
https://bugzilla.redhat.com/show_bug.cgi?id=2272469
https://bugzilla.redhat.com/show_bug.cgi?id=2272528
https://bugzilla.redhat.com/show_bug.cgi?id=2272644
https://bugzilla.redhat.com/show_bug.cgi?id=2272664
https://bugzilla.redhat.com/show_bug.cgi?id=2272666
https://bugzilla.redhat.com/show_bug.cgi?id=2272928
https://bugzilla.redhat.com/show_bug.cgi?id=2272932
https://bugzilla.redhat.com/show_bug.cgi?id=2272938
https://bugzilla.redhat.com/show_bug.cgi?id=2273305
https://bugzilla.redhat.com/show_bug.cgi?id=2273336
https://bugzilla.redhat.com/show_bug.cgi?id=2273386
https://bugzilla.redhat.com/show_bug.cgi?id=2273387
https://bugzilla.redhat.com/show_bug.cgi?id=2273398
https://bugzilla.redhat.com/show_bug.cgi?id=2273533
https://bugzilla.redhat.com/show_bug.cgi?id=2273553
https://bugzilla.redhat.com/show_bug.cgi?id=2273560
https://bugzilla.redhat.com/show_bug.cgi?id=2273605
https://bugzilla.redhat.com/show_bug.cgi?id=2273702
https://bugzilla.redhat.com/show_bug.cgi?id=2273705
https://bugzilla.redhat.com/show_bug.cgi?id=2274107
https://bugzilla.redhat.com/show_bug.cgi?id=2274175
https://bugzilla.redhat.com/show_bug.cgi?id=2274193
https://bugzilla.redhat.com/show_bug.cgi?id=2274324
https://bugzilla.redhat.com/show_bug.cgi?id=2274373
https://bugzilla.redhat.com/show_bug.cgi?id=2274381
https://bugzilla.redhat.com/show_bug.cgi?id=2274392
https://bugzilla.redhat.com/show_bug.cgi?id=2274476
https://bugzilla.redhat.com/show_bug.cgi?id=2274548
https://bugzilla.redhat.com/show_bug.cgi?id=2274728
https://bugzilla.redhat.com/show_bug.cgi?id=2274734
https://bugzilla.redhat.com/show_bug.cgi?id=2274750
https://bugzilla.redhat.com/show_bug.cgi?id=2274757
https://bugzilla.redhat.com/show_bug.cgi?id=2274765
https://bugzilla.redhat.com/show_bug.cgi?id=2275049
https://bugzilla.redhat.com/show_bug.cgi?id=2275181
https://bugzilla.redhat.com/show_bug.cgi?id=2275222
https://bugzilla.redhat.com/show_bug.cgi?id=2275254
https://bugzilla.redhat.com/show_bug.cgi?id=2275413
https://bugzilla.redhat.com/show_bug.cgi?id=2275456
https://bugzilla.redhat.com/show_bug.cgi?id=2275484
https://bugzilla.redhat.com/show_bug.cgi?id=2275886
https://bugzilla.redhat.com/show_bug.cgi?id=2275935
https://bugzilla.redhat.com/show_bug.cgi?id=2276028
https://bugzilla.redhat.com/show_bug.cgi?id=2276055
https://bugzilla.redhat.com/show_bug.cgi?id=2276056
https://bugzilla.redhat.com/show_bug.cgi?id=2276135
https://bugzilla.redhat.com/show_bug.cgi?id=2276222
https://bugzilla.redhat.com/show_bug.cgi?id=2276344
https://bugzilla.redhat.com/show_bug.cgi?id=2276353
https://bugzilla.redhat.com/show_bug.cgi?id=2276366
https://bugzilla.redhat.com/show_bug.cgi?id=2276413
https://bugzilla.redhat.com/show_bug.cgi?id=2276438
https://bugzilla.redhat.com/show_bug.cgi?id=2276591
https://bugzilla.redhat.com/show_bug.cgi?id=2276593
https://bugzilla.redhat.com/show_bug.cgi?id=2276694
https://bugzilla.redhat.com/show_bug.cgi?id=2276913
https://bugzilla.redhat.com/show_bug.cgi?id=2276941
https://bugzilla.redhat.com/show_bug.cgi?id=2277184
https://bugzilla.redhat.com/show_bug.cgi?id=2277186
https://bugzilla.redhat.com/show_bug.cgi?id=2277711
https://bugzilla.redhat.com/show_bug.cgi?id=2277766
https://bugzilla.redhat.com/show_bug.cgi?id=2277770
https://bugzilla.redhat.com/show_bug.cgi?id=2277773
https://bugzilla.redhat.com/show_bug.cgi?id=2277785
https://bugzilla.redhat.com/show_bug.cgi?id=2278120
https://bugzilla.redhat.com/show_bug.cgi?id=2278389
https://bugzilla.redhat.com/show_bug.cgi?id=2278593
https://bugzilla.redhat.com/show_bug.cgi?id=2278603
https://bugzilla.redhat.com/show_bug.cgi?id=2278606
https://bugzilla.redhat.com/show_bug.cgi?id=2278676
https://bugzilla.redhat.com/show_bug.cgi?id=2278681
https://bugzilla.redhat.com/show_bug.cgi?id=2278684
https://bugzilla.redhat.com/show_bug.cgi?id=2278799
https://bugzilla.redhat.com/show_bug.cgi?id=2278815
https://bugzilla.redhat.com/show_bug.cgi?id=2279742
https://bugzilla.redhat.com/show_bug.cgi?id=2279860
https://bugzilla.redhat.com/show_bug.cgi?id=2279928
https://bugzilla.redhat.com/show_bug.cgi?id=2280342
https://bugzilla.redhat.com/show_bug.cgi?id=2280378
https://bugzilla.redhat.com/show_bug.cgi?id=2280657
https://bugzilla.redhat.com/show_bug.cgi?id=2280813
https://bugzilla.redhat.com/show_bug.cgi?id=2280818
https://bugzilla.redhat.com/show_bug.cgi?id=2280820
https://bugzilla.redhat.com/show_bug.cgi?id=2280834
https://bugzilla.redhat.com/show_bug.cgi?id=2280921
https://bugzilla.redhat.com/show_bug.cgi?id=2280946
https://bugzilla.redhat.com/show_bug.cgi?id=2280953
https://bugzilla.redhat.com/show_bug.cgi?id=2281580
https://bugzilla.redhat.com/show_bug.cgi?id=2281722
https://bugzilla.redhat.com/show_bug.cgi?id=2281729
https://bugzilla.redhat.com/show_bug.cgi?id=2282243
https://bugzilla.redhat.com/show_bug.cgi?id=2282254
https://bugzilla.redhat.com/show_bug.cgi?id=2282284
https://bugzilla.redhat.com/show_bug.cgi?id=2282314
https://bugzilla.redhat.com/show_bug.cgi?id=2282543
https://bugzilla.redhat.com/show_bug.cgi?id=2282834
https://bugzilla.redhat.com/show_bug.cgi?id=2283024
https://bugzilla.redhat.com/show_bug.cgi?id=2283489
https://bugzilla.redhat.com/show_bug.cgi?id=2283621
https://bugzilla.redhat.com/show_bug.cgi?id=2283629
https://bugzilla.redhat.com/show_bug.cgi?id=2283651
https://bugzilla.redhat.com/show_bug.cgi?id=2283797
https://bugzilla.redhat.com/show_bug.cgi?id=2283820
https://bugzilla.redhat.com/show_bug.cgi?id=2283965
https://bugzilla.redhat.com/show_bug.cgi?id=2283981
https://bugzilla.redhat.com/show_bug.cgi?id=2284090
https://bugzilla.redhat.com/show_bug.cgi?id=2284430
https://bugzilla.redhat.com/show_bug.cgi?id=2284652
https://bugzilla.redhat.com/show_bug.cgi?id=2290677
https://bugzilla.redhat.com/show_bug.cgi?id=2290847
https://bugzilla.redhat.com/show_bug.cgi?id=2291132
https://bugzilla.redhat.com/show_bug.cgi?id=2291182
https://bugzilla.redhat.com/show_bug.cgi?id=2291255
https://bugzilla.redhat.com/show_bug.cgi?id=2291301
https://bugzilla.redhat.com/show_bug.cgi?id=2291305
https://bugzilla.redhat.com/show_bug.cgi?id=2291336
https://bugzilla.redhat.com/show_bug.cgi?id=2292114
https://bugzilla.redhat.com/show_bug.cgi?id=2292241
https://bugzilla.redhat.com/show_bug.cgi?id=2292777
https://bugzilla.redhat.com/show_bug.cgi?id=2293200
https://bugzilla.redhat.com/show_bug.cgi?id=2293621
https://bugzilla.redhat.com/show_bug.cgi?id=2293634
https://bugzilla.redhat.com/show_bug.cgi?id=2293881
https://bugzilla.redhat.com/show_bug.cgi?id=2294383
https://bugzilla.redhat.com/show_bug.cgi?id=2296991


Source: https://packetstormsecurity.com/files/179581/RHSA-2024-4591-03.txt