RHSA-2023:1655

Description

Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•haproxy

  < 0:2.2.19-4.el8

• redhat•haproxy-debugsource

  < 0:2.2.19-4.el8

• redhat•haproxy22

  < 0:2.2.19-4.el8

• redhat•haproxy22-debuginfo

  < 0:2.2.19-4.el8

• redhat•jenkins

  < 0:2.387.1.1680701869-1.el8

• redhat•jenkins-2-plugins

  < 0:4.10.1680703106-1.el8

• redhat•openshift

  < 0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7 | < 0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8

• redhat•openshift-hyperkube

  < 0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7 | < 0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8

References (57)

• https://access.redhat.com/errata/RHSA-2023:1655
• https://access.redhat.com/security/updates/classification/#critical
• https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
• https://bugzilla.redhat.com/show_bug.cgi?id=2127804
• https://bugzilla.redhat.com/show_bug.cgi?id=2135435
• https://bugzilla.redhat.com/show_bug.cgi?id=2162200
• https://bugzilla.redhat.com/show_bug.cgi?id=2162206
• https://bugzilla.redhat.com/show_bug.cgi?id=2164278
• https://bugzilla.redhat.com/show_bug.cgi?id=2177626
• https://bugzilla.redhat.com/show_bug.cgi?id=2177629
• https://bugzilla.redhat.com/show_bug.cgi?id=2177632
• https://bugzilla.redhat.com/show_bug.cgi?id=2177634
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1655.json
• https://access.redhat.com/security/cve/CVE-2022-3172
• https://www.cve.org/CVERecord?id=CVE-2022-3172
• https://nvd.nist.gov/vuln/detail/CVE-2022-3172
• https://github.com/kubernetes/kubernetes/issues/112513
• https://access.redhat.com/security/cve/CVE-2022-31690
• https://www.cve.org/CVERecord?id=CVE-2022-31690
• https://nvd.nist.gov/vuln/detail/CVE-2022-31690
• https://spring.io/security/cve-2022-31690
• https://access.redhat.com/security/cve/CVE-2022-31692
• https://www.cve.org/CVERecord?id=CVE-2022-31692
• https://nvd.nist.gov/vuln/detail/CVE-2022-31692
• https://spring.io/security/cve-2022-31692
• https://access.redhat.com/security/cve/CVE-2022-42889
• https://www.cve.org/CVERecord?id=CVE-2022-42889
• https://nvd.nist.gov/vuln/detail/CVE-2022-42889
• https://blogs.apache.org/security/entry/cve-2022-42889
• https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
• https://seclists.org/oss-sec/2022/q4/22
• https://access.redhat.com/security/cve/CVE-2023-24422
• https://www.cve.org/CVERecord?id=CVE-2023-24422
• https://nvd.nist.gov/vuln/detail/CVE-2023-24422
• https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
• https://access.redhat.com/security/cve/CVE-2023-25725
• https://bugzilla.redhat.com/show_bug.cgi?id=2169089
• https://www.cve.org/CVERecord?id=CVE-2023-25725
• https://nvd.nist.gov/vuln/detail/CVE-2023-25725
• https://www.haproxy.com/blog/february-2023-header-parser-fixed/
• https://www.mail-archive.com/haproxy@formilux.org/msg43229.html
• https://access.redhat.com/security/cve/CVE-2023-27898
• https://www.cve.org/CVERecord?id=CVE-2023-27898
• https://nvd.nist.gov/vuln/detail/CVE-2023-27898
• https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037
• https://access.redhat.com/security/cve/CVE-2023-27899
• https://www.cve.org/CVERecord?id=CVE-2023-27899
• https://nvd.nist.gov/vuln/detail/CVE-2023-27899
• https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823
• https://access.redhat.com/security/cve/CVE-2023-27903
• https://www.cve.org/CVERecord?id=CVE-2023-27903
• https://nvd.nist.gov/vuln/detail/CVE-2023-27903
• https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
• https://access.redhat.com/security/cve/CVE-2023-27904
• https://www.cve.org/CVERecord?id=CVE-2023-27904
• https://nvd.nist.gov/vuln/detail/CVE-2023-27904
• https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120