Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:0774
HistoryFeb 21, 2023 - 6:04 p.m.

(RHSA-2023:0774) Important: OpenShift Container Platform 4.11.28 security update

2023-02-2118:04:40
access.redhat.com
41
openshift platform
security update
goutils
golang
cve-2021-4238
cve-2021-38561
cve-2022-41717
cluster upgrade

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.013 Low

EPSS

Percentile

85.6%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:0773

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

  • goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)

  • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

  • golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Related

redhat 22
osv 19
almalinux 7
oraclelinux 8
nessus 77
suse 2
altlinux 2
ibm 4
rocky 4
openvas 27
photon 2
freebsd 1
fedora 3
mageia 1
ubuntu 5
amazon 2
centos 1
ubuntucve 1
redos 2
hivepro 2
cloudfoundry 2
debian 2
thn 1
slackware 1
rosalinux 1
redhat
redhat
(RHSA-2023:0895) Moderate: OpenShift Container Platform 4.11.29 security update
2023-02-28 07:36:21
(RHSA-2023:0899) Important: OpenShift Container Platform 4.10.53 bug fix and security update
2023-03-01 08:41:30
(RHSA-2023:2780) Moderate: Image Builder security, bug fix, and enhancement update
2023-05-16 05:54:33
osv
osv
Moderate: Image Builder security, bug fix, and enhancement update
2023-05-16 00:00:00
Moderate: go-toolset and golang security and bug fix update
2023-01-23 00:00:00
Moderate: go-toolset:rhel8 security and bug fix update
2023-01-25 00:00:00
almalinux
almalinux
Moderate: Image Builder security, bug fix, and enhancement update
2023-05-09 00:00:00
Moderate: Image Builder security, bug fix, and enhancement update
2023-05-16 00:00:00
Moderate: go-toolset:rhel8 security and bug fix update
2023-01-25 00:00:00
oraclelinux
oraclelinux
go-toolset and golang security and bug fix update
2023-01-24 00:00:00
Image Builder security, bug fix, and enhancement update
2023-05-15 00:00:00
git-lfs security and bug fix update
2023-05-24 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : go1.19 (SUSE-SU-2022:3669-1)
2022-10-20 00:00:00
CentOS 8 : git-lfs (CESA-2023:2866)
2023-05-16 00:00:00
RHEL 8 : Image Builder (RHSA-2023:2780)
2023-05-20 00:00:00
suse
suse
Security update for go1.18 (important)
2022-10-20 00:00:00
Security update for go1.19 (important)
2022-10-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.7-alt1
2022-10-18 00:00:00
Security fix for the ALT Linux 10 package git version 2.33.6-alt1
2023-01-20 00:00:00
ibm
ibm
Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard
2023-03-16 15:25:14
Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced
2023-03-16 15:24:48
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities
2023-01-31 10:35:36
rocky
rocky
go-toolset:rhel8 security and bug fix update
2023-01-25 08:59:15
go-toolset and golang security and bug fix update
2023-01-23 14:30:17
git security update
2023-02-06 19:26:44
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3668-1)
2022-10-20 00:00:00
Fedora: Security Advisory for golang (FEDORA-2022-59a20edab2)
2022-10-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3669-1)
2022-10-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0273
2022-11-02 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0273
2022-11-02 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37
2022-10-17 22:55:43
[SECURITY] Fedora 37 Update: git-2.39.1-1.fc37
2023-01-21 03:35:26
[SECURITY] Fedora 36 Update: git-2.39.1-1.fc36
2023-01-21 03:44:31
mageia
mageia
Updated golang packages fix security vulnerability
2022-10-19 02:14:56
ubuntu
ubuntu
Git vulnerabilities
2023-03-01 00:00:00
Git regression
2023-01-19 00:00:00
Git vulnerabilities
2023-02-07 00:00:00
amazon
amazon
Important: git
2023-01-30 16:02:00
Important: git
2023-01-31 20:44:00
centos
centos
emacs, git, gitk, gitweb, perl security update
2023-03-01 14:01:43
ubuntucve
ubuntucve
CVE-2022-4338
2023-01-10 00:00:00
redos
redos
ROS-20230117-02
2023-01-17 00:00:00
ROS-20230418-03
2023-04-18 00:00:00
hivepro
hivepro
GitLab releases new CE and EE versions to address integer overflow vulnerabilities
2023-01-19 12:24:06
Kasablanka Group Launches Phishing Campaigns Targeting Russian Government Entities
2023-01-19 13:36:44
cloudfoundry
cloudfoundry
USN-5810-1: Git vulnerabilities | Cloud Foundry
2023-02-23 00:00:00
USN-5810-2: Git regression | Cloud Foundry
2023-02-24 00:00:00
debian
debian
[SECURITY] [DLA 3253-1] openvswitch security update
2022-12-31 14:57:34
[SECURITY] [DSA 5319-1] openvswitch security update
2023-01-13 19:23:15
thn
thn
Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
2023-01-18 09:28:00
slackware
slackware
[slackware-security] git
2023-01-18 06:22:27
rosalinux
rosalinux
Advisory ROSA-SA-2023-2130
2023-03-07 12:33:13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.013 Low

EPSS

Percentile

85.6%

JSON
Related for RHSA-2023:0774
redhat22osv19almalinux7oraclelinux8nessus77suse2altlinux2ibm4rocky4openvas27photon2freebsd1fedora3mageia1ubuntu5amazon2centos1ubuntucve1redos2hivepro2cloudfoundry2debian2thn1slackware1rosalinux1