Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:3910
HistoryJul 06, 2023 - 2:36 a.m.

(RHSA-2023:3910) Important: Red Hat OpenShift Enterprise security update

2023-07-0602:36:21
access.redhat.com
21
red hat openshift
enterprise
security update
rpm packages
container platform 4.10.63
cve-2023-3089
cve-2023-24540
cve-2022-41717
upgrading
cli
web console

0.003 Low

EPSS

Percentile

69.0%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.63. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:3911

Security Fix(es):

  • openshift: OCP & FIPS mode (CVE-2023-3089)

  • golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

  • golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lekernel-modules-extra< 4.18.0-305.95.1.el8_4kernel-modules-extra-4.18.0-305.95.1.el8_4.ppc64le.rpm
RedHat8aarch64kernel-modules< 4.18.0-305.95.1.el8_4kernel-modules-4.18.0-305.95.1.el8_4.aarch64.rpm
RedHat8s390xpodman-plugins< 3.2.3-1.1.rhaos4.10.el8podman-plugins-3.2.3-1.1.rhaos4.10.el8.s390x.rpm
RedHat8x86_64kernel-debuginfo< 4.18.0-305.95.1.el8_4kernel-debuginfo-4.18.0-305.95.1.el8_4.x86_64.rpm
RedHat8aarch64python3-perf-debuginfo< 4.18.0-305.95.1.el8_4python3-perf-debuginfo-4.18.0-305.95.1.el8_4.aarch64.rpm
RedHat8x86_64podman-debuginfo< 3.2.3-1.1.rhaos4.10.el8podman-debuginfo-3.2.3-1.1.rhaos4.10.el8.x86_64.rpm
RedHat8x86_64buildah-debugsource< 1.19.9-1.1.el8buildah-debugsource-1.19.9-1.1.el8.x86_64.rpm
RedHat8ppc64lecontainers-common< 1.2.4-1.1.el8containers-common-1.2.4-1.1.el8.ppc64le.rpm
RedHat8ppc64lekernel-selftests-internal< 4.18.0-305.95.1.el8_4kernel-selftests-internal-4.18.0-305.95.1.el8_4.ppc64le.rpm
RedHat8ppc64lekernel-debug< 4.18.0-305.95.1.el8_4kernel-debug-4.18.0-305.95.1.el8_4.ppc64le.rpm
Rows per page:
1-10 of 2411

Related

redhat 10
nessus 64
redhatcve 3
osv 11
almalinux 3
wolfi 1
cvelist 3
oraclelinux 3
rocky 1
prion 3
ibm 11
nvd 3
cbl_mariner 12
fedora 23
openvas 31
debiancve 2
veracode 2
cve 3
amazon 1
ubuntucve 2
gitlab 1
mageia 1
cgr 1
alpinelinux 2
github 1
photon 1
redhat
redhat
(RHSA-2023:3911) Important: OpenShift Container Platform 4.10.63 security update
2023-07-06 02:30:00
(RHSA-2023:3914) Important: Red Hat OpenShift Enterprise security update
2023-07-06 02:27:22
(RHSA-2023:4420) Important: OpenShift Virtualization 4.12.5 RPMs security and bug fix update
2023-08-01 14:32:33
nessus
nessus
RHCOS 4 : Red Hat OpenShift Enterprise (RHSA-2023:3910)
2024-01-24 00:00:00
RHEL 7 / 8 : Red Hat OpenShift Enterprise (RHSA-2023:3910)
2024-04-28 00:00:00
RHCOS 4 : Red Hat OpenShift Enterprise (RHSA-2023:3914)
2024-01-24 00:00:00
redhatcve
redhatcve
CVE-2023-24540
2023-05-08 09:52:44
CVE-2023-3089
2023-07-05 12:17:52
CVE-2022-41717
2023-01-16 13:04:59
osv
osv
CVE-2023-24540
2023-05-11 16:15:09
BIT-golang-2023-24540
2024-03-06 10:56:09
Important: go-toolset:rhel8 security update
2023-05-25 00:00:00
almalinux
almalinux
Important: go-toolset and golang security update
2023-05-25 00:00:00
Important: go-toolset:rhel8 security update
2023-05-25 00:00:00
Moderate: conmon security and bug fix update
2023-05-09 00:00:00
wolfi
wolfi
CVE-2023-24540 vulnerabilities
2024-06-29 09:08:33
cvelist
cvelist
CVE-2023-24540 Improper handling of JavaScript whitespace in html/template
2023-05-11 15:29:31
CVE-2023-3089 Ocp & fips mode
2023-07-05 12:21:03
CVE-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2
2022-12-08 19:03:53
oraclelinux
oraclelinux
go-toolset and golang security update
2023-05-25 00:00:00
conmon security and bug fix update
2023-05-15 00:00:00
go-toolset:ol8 security update
2023-05-25 00:00:00
rocky
rocky
go-toolset:Rocky Linux8 security update
2023-05-25 17:22:28
prion
prion
Code injection
2023-05-11 16:15:00
Design/Logic Flaw
2022-12-08 20:15:00
Design/Logic Flaw
2023-07-05 13:15:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTML injection in Go [CVE-2023-24540]
2023-07-27 17:04:44
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Go HTML injection vulnerability [CVE-2023-24540]
2024-01-31 13:30:47
Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to HTML injection due to [CVE-2023-24540]
2023-06-28 15:18:46
nvd
nvd
CVE-2023-24540
2023-05-11 16:15:09
CVE-2022-41717
2022-12-08 20:15:10
CVE-2023-3089
2023-07-05 13:15:09
cbl_mariner
cbl_mariner
CVE-2023-24540 affecting package golang for versions less than 1.21.6-1
2024-06-29 09:08:32
CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.6.2-2
2024-02-25 03:00:06
CVE-2022-41717 affecting package golang for versions less than 1.18.8-2
2023-01-03 21:02:14
fedora
fedora
[SECURITY] Fedora 36 Update: golang-github-google-dap-0.7.0-1.fc36
2023-02-10 01:26:12
[SECURITY] Fedora 36 Update: pack-0.29.0~rc1-1.fc36
2023-03-18 05:04:22
[SECURITY] Fedora 38 Update: golang-github-schollz-mnemonicode-1.0.1-6.20230519git63fa713.fc38
2023-07-04 01:34:12
openvas
openvas
Fedora: Security Advisory for aerc (FEDORA-2023-6cfe7492c1)
2023-07-26 00:00:00
Fedora: Security Advisory for containernetworking-plugins (FEDORA-2023-c0149844e2)
2023-03-19 00:00:00
Fedora: Security Advisory for syncthing (FEDORA-2023-6d71ff268e)
2023-02-04 00:00:00
debiancve
debiancve
CVE-2022-41717
2022-12-08 20:15:10
CVE-2023-24540
2023-05-11 16:15:09
veracode
veracode
Denial Of Service (DoS)
2022-12-09 16:54:12
Improper Sanitization
2023-05-14 11:44:15
cve
cve
CVE-2022-41717
2022-12-08 20:15:10
CVE-2023-3089
2023-07-05 13:15:09
CVE-2023-24540
2023-05-11 16:15:09
amazon
amazon
Medium: golang
2023-01-30 16:02:00
ubuntucve
ubuntucve
CVE-2022-41717
2022-12-08 00:00:00
CVE-2023-24540
2023-05-11 00:00:00
gitlab
gitlab
Allocation of Resources Without Limits or Throttling
2022-12-08 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-12-17 21:48:08
cgr
cgr
CVE-2023-24540 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
CVE-2023-24540
2023-05-11 16:15:09
CVE-2022-41717
2022-12-08 20:15:10
github
github
golang.org/x/net/http2 vulnerable to possible excessive memory growth
2022-12-08 21:30:19
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0305
2022-12-31 00:00:00

0.003 Low

EPSS

Percentile

69.0%

JSON
Related for RHSA-2023:3910
redhat10nessus64redhatcve3osv11almalinux3wolfi1cvelist3oraclelinux3rocky1prion3ibm11nvd3cbl_mariner12fedora23openvas31debiancve2veracode2cve3amazon1ubuntucve2gitlab1mageia1cgr1alpinelinux2github1photon1