OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.14.0 images.
Security Fix(es):
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
containerd: OCI image importer memory exhaustion (CVE-2023-25153)
containerd: Supplementary groups are not set up properly (CVE-2023-25173)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.