Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:6832
HistoryNov 08, 2023 - 6:47 p.m.

(RHSA-2023:6832) Important: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update

2023-11-0818:47:43
access.redhat.com
31
red hat openshift
data foundation
security update
bug fix
http/2
lapack
golang
hashicorp
vault
goproxy

7 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

JSON

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

  • lapack: Out-of-bounds read in *larrv (CVE-2021-4048)

  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

  • Hashicorp/vault: Vault’s LDAP Auth Method Allows for User Enumeration (CVE-2023-3462)

  • golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

  • golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

  • golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

  • golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

  • goproxy: Denial of service (DoS) via unspecified vectors (CVE-2023-37788)

  • hashicorp: html injection into web ui (CVE-2023-2121)

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)

  • hashicorp/vault: Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets (CVE-2023-5077)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.14/html/4.14_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Related

redhat 66
nessus 55
oraclelinux 6
rocky 2
rosalinux 1
osv 10
almalinux 4
ibm 6
openvas 24
debian 2
fedora 6
gentoo 1
ubuntu 3
slackware 1
amazon 1
aix 1
thn 2
paloalto 1
mageia 2
cisco 1
qualysblog 1
cloudfoundry 2
redos 1
redhat
redhat
(RHSA-2023:5693) Moderate: Red Hat Ceph Storage 6.1 security, enhancement, and bug fix update
2023-10-12 16:11:56
(RHSA-2023:6084) Important: RHACS 3.74 enhancement and security update
2023-10-24 14:55:09
(RHSA-2023:6235) Important: OpenShift Virtualization 4.13.5 Images security update
2023-11-01 12:02:34
nessus
nessus
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:5693)
2023-10-12 00:00:00
AlmaLinux 9 : glibc (ALSA-2023:5453)
2023-10-06 00:00:00
RHEL 8 : glibc (RHSA-2023:5455)
2023-10-05 00:00:00
oraclelinux
oraclelinux
glibc security update
2023-10-12 00:00:00
glibc security update
2023-12-19 00:00:00
glibc security update
2023-10-10 00:00:00
rocky
rocky
glibc security update
2023-10-06 22:57:06
curl security update
2023-10-24 18:36:52
rosalinux
rosalinux
Advisory ROSA-SA-2024-2332
2024-01-30 08:26:13
osv
osv
Important: glibc security update
2023-10-05 00:00:00
Important: glibc security update
2023-10-06 22:57:06
Important: glibc security update
2023-10-05 00:00:00
almalinux
almalinux
Important: glibc security update
2023-10-05 00:00:00
Important: glibc security update
2023-10-05 00:00:00
Important: curl security update
2023-11-07 00:00:00
ibm
ibm
Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)
2023-11-14 21:53:56
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes
2023-11-16 16:21:31
Security Bulletin: Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 (CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325).
2023-12-06 09:46:53
openvas
openvas
Debian: Security Advisory (DSA-5514-1)
2023-10-04 00:00:00
Fedora: Security Advisory for glibc (FEDORA-2023-63e5a77522)
2023-10-05 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1426)
2024-03-21 00:00:00
debian
debian
[SECURITY] [DSA 5514-1] glibc security update
2023-10-03 17:26:13
[SECURITY] [DSA 5523-1] curl security update
2023-10-11 06:58:41
fedora
fedora
[SECURITY] Fedora 37 Update: glibc-2.36-14.fc37
2023-10-04 15:49:21
[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38
2023-10-04 15:52:08
[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39
2023-10-04 17:16:19
gentoo
gentoo
glibc: Multiple vulnerabilities
2023-10-04 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2023-10-17 00:00:00
curl vulnerabilities
2023-10-11 00:00:00
GNU C Library vulnerabilities
2023-10-03 00:00:00
slackware
slackware
[slackware-security] curl
2023-10-11 06:45:13
amazon
amazon
Important: curl
2023-10-10 21:19:00
aix
aix
Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 13:22:02
thn
thn
Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
2023-10-12 04:39:00
Security Patch for Two New Flaws in Curl Library Arriving on October 11
2023-10-09 10:32:00
paloalto
paloalto
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
2023-10-12 20:40:00
mageia
mageia
Updated the curl packages to fix two security vulnerabilities
2023-10-14 01:56:51
Updated glibc packages fix security and other bugs
2023-09-27 19:31:30
cisco
cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
2023-10-12 16:00:00
qualysblog
qualysblog
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
2023-10-06 00:14:06
cloudfoundry
cloudfoundry
USN-6429-1: curl vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
USN-6409-1: GNU C Library vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
redos
redos
ROS-20231016-05
2023-10-16 00:00:00

7 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

JSON
Related for RHSA-2023:6832
redhat66nessus55oraclelinux6rocky2rosalinux1osv10almalinux4ibm6openvas24debian2fedora6gentoo1ubuntu3slackware1amazon1aix1thn2paloalto1mageia2cisco1qualysblog1cloudfoundry2redos1