Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:0293
HistoryJan 23, 2024 - 8:33 p.m.

(RHSA-2024:0293) Moderate: OpenShift Container Platform 4.14.10 packages and security update

2024-01-2320:33:05
access.redhat.com
23
red hat openshift
cloud computing
kubernetes
security update
rpm packages
container images
cve-2023-29406
cve-2023-29409
openshift cli

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.1%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.10. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:0290

Security Fix(es):

  • golang: net/http: insufficient sanitization of Host header
    (CVE-2023-29406)
  • golang: crypto/tls: slow verification of certificate chains containing
    large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64leopenshift-hyperkube< 4.14.0-202401121302.p0.ge36e183.assembly.stream.el8openshift-hyperkube-4.14.0-202401121302.p0.ge36e183.assembly.stream.el8.ppc64le.rpm
RedHat9x86_64cri-o-debuginfo< 1.27.3-2.rhaos4.14.git03502b6.el9cri-o-debuginfo-1.27.3-2.rhaos4.14.git03502b6.el9.x86_64.rpm
RedHat8aarch64cri-o< 1.27.3-2.rhaos4.14.git03502b6.el8cri-o-1.27.3-2.rhaos4.14.git03502b6.el8.aarch64.rpm
RedHat8x86_64openshift-hyperkube< 4.14.0-202401121302.p0.ge36e183.assembly.stream.el8openshift-hyperkube-4.14.0-202401121302.p0.ge36e183.assembly.stream.el8.x86_64.rpm
RedHat8s390xcri-o-debuginfo< 1.27.3-2.rhaos4.14.git03502b6.el8cri-o-debuginfo-1.27.3-2.rhaos4.14.git03502b6.el8.s390x.rpm
RedHat8s390xcri-o< 1.27.3-2.rhaos4.14.git03502b6.el8cri-o-1.27.3-2.rhaos4.14.git03502b6.el8.s390x.rpm
RedHat9aarch64openshift-clients< 4.14.0-202401111553.p0.g286cfa5.assembly.stream.el9openshift-clients-4.14.0-202401111553.p0.g286cfa5.assembly.stream.el9.aarch64.rpm
RedHat8aarch64cri-o-debuginfo< 1.27.3-2.rhaos4.14.git03502b6.el8cri-o-debuginfo-1.27.3-2.rhaos4.14.git03502b6.el8.aarch64.rpm
RedHat9s390xopenshift-clients< 4.14.0-202401111553.p0.g286cfa5.assembly.stream.el9openshift-clients-4.14.0-202401111553.p0.g286cfa5.assembly.stream.el9.s390x.rpm
RedHat9ppc64leovn23.09-central-debuginfo< 23.09.0-100.el9fdpovn23.09-central-debuginfo-23.09.0-100.el9fdp.ppc64le.rpm
Rows per page:
1-10 of 781

Related

nessus 81
ibm 17
openvas 19
amazon 12
photon 2
redhat 16
osv 11
redhatcve 2
veracode 2
cbl_mariner 6
ubuntucve 2
prion 2
oraclelinux 6
debiancve 2
alpinelinux 2
cve 2
cvelist 2
nvd 2
rocky 2
wolfi 2
almalinux 4
cgr 2
githubexploit 1
nessus
nessus
Amazon Linux 2 : cni-plugins (ALAS-2023-2208)
2023-08-23 00:00:00
Amazon Linux 2023 : docker (ALAS2023-2023-345)
2023-09-20 00:00:00
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2023-346)
2023-09-20 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data Scheduling was built with a vulnerable golang compiler. ( CVE-2023-29406, CVE-2023-29409 )
2023-12-06 16:00:05
Security Bulletin: Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak
2023-11-03 14:26:27
Security Bulletin: Operations Dashboard is vulnerable to header injection due to Golang Go
2023-10-02 16:06:58
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3006)
2023-10-31 00:00:00
openSUSE: Security Advisory for go1.19 (SUSE-SU-2023:3841-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3029)
2023-10-31 00:00:00
amazon
amazon
Important: cni-plugins
2023-08-17 11:58:00
Important: containerd
2023-09-27 22:15:00
Important: golang
2023-08-03 18:10:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0066
2023-08-05 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0484
2023-10-05 00:00:00
redhat
redhat
(RHSA-2023:5738) Important: go-toolset and golang security and bug fix update
2023-10-16 13:49:09
(RHSA-2023:6298) Important: Release of OpenShift Serverless Client kn 1.30.2 security update
2023-11-03 08:42:02
(RHSA-2023:5965) Important: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) security update
2023-10-20 14:42:35
osv
osv
Moderate: container-tools:4.0 security and bug fix update
2023-11-28 22:43:02
BIT-golang-2023-29406
2024-03-06 10:55:04
CVE-2023-29406
2023-07-11 20:15:10
redhatcve
redhatcve
CVE-2023-29406
2023-07-21 07:30:20
CVE-2023-29409
2023-08-07 05:18:51
veracode
veracode
CRLF Injection
2023-07-17 03:51:29
Denial Of Service (DoS)
2023-08-04 03:29:08
cbl_mariner
cbl_mariner
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
2024-07-03 03:08:37
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
2024-07-03 03:08:31
CVE-2023-29406 affecting package msft-golang for versions less than 1.20.7-1
2024-07-03 03:08:37
ubuntucve
ubuntucve
CVE-2023-29409
2023-08-02 00:00:00
CVE-2023-29406
2023-07-11 00:00:00
prion
prion
Design/Logic Flaw
2023-07-11 20:15:00
Code injection
2023-08-02 20:15:00
oraclelinux
oraclelinux
container-tools:4.0 security and bug fix update
2023-11-22 00:00:00
go-toolset and golang security and bug fix update
2023-10-18 00:00:00
runc security update
2023-12-14 00:00:00
debiancve
debiancve
CVE-2023-29406
2023-07-11 20:15:10
CVE-2023-29409
2023-08-02 20:15:11
alpinelinux
alpinelinux
CVE-2023-29409
2023-08-02 20:15:11
CVE-2023-29406
2023-07-11 20:15:10
cve
cve
CVE-2023-29406
2023-07-11 20:15:10
CVE-2023-29409
2023-08-02 20:15:11
cvelist
cvelist
CVE-2023-29406 Insufficient sanitization of Host header in net/http
2023-07-11 19:23:58
CVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls
2023-08-02 19:47:23
nvd
nvd
CVE-2023-29406
2023-07-11 20:15:10
CVE-2023-29409
2023-08-02 20:15:11
rocky
rocky
container-tools:4.0 security and bug fix update
2023-11-28 22:43:02
go-toolset and golang security and bug fix update
2023-10-24 18:37:03
wolfi
wolfi
CVE-2023-29406 vulnerabilities
2024-07-03 09:08:38
CVE-2023-29409 vulnerabilities
2024-07-03 09:08:38
almalinux
almalinux
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
Important: go-toolset and golang security and bug fix update
2023-10-16 00:00:00
Moderate: runc security update
2023-12-12 00:00:00
cgr
cgr
CVE-2023-29406 vulnerabilities
2024-05-19 03:07:16
CVE-2023-29409 vulnerabilities
2024-05-19 03:07:16
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Golang Go
2023-08-21 15:59:26

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.1%

JSON
Related for RHSA-2024:0293
nessus81ibm17openvas19amazon12photon2redhat16osv11redhatcve2veracode2cbl_mariner6ubuntucve2prion2oraclelinux6debiancve2alpinelinux2cve2cvelist2nvd2rocky2wolfi2almalinux4cgr2githubexploit1