RHSA-2023:5009

Description

Red Hat Security Advisory: OpenShift Container Platform 4.14.0 security update

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• redhat•afterburn

  < 0:5.4.3-1.rhaos4.14.el9

• redhat•afterburn-debuginfo

  < 0:5.4.3-1.rhaos4.14.el9

• redhat•afterburn-dracut

  < 0:5.4.3-1.rhaos4.14.el9

• redhat•bpftool

  < 0:7.0.0-284.36.1.el9_2

• redhat•bpftool-debuginfo

  < 0:7.0.0-284.36.1.el9_2

• redhat•buildah

  < 1:1.29.1-10.1.rhaos4.14.el8 | < 1:1.29.1-10.1.rhaos4.14.el9

• redhat•buildah-debuginfo

  < 1:1.29.1-10.1.rhaos4.14.el8 | < 1:1.29.1-10.1.rhaos4.14.el9

• redhat•buildah-debugsource

  < 1:1.29.1-10.1.rhaos4.14.el8 | < 1:1.29.1-10.1.rhaos4.14.el9

• redhat•buildah-tests

  < 1:1.29.1-10.1.rhaos4.14.el8 | < 1:1.29.1-10.1.rhaos4.14.el9

• redhat•buildah-tests-debuginfo

  < 1:1.29.1-10.1.rhaos4.14.el8 | < 1:1.29.1-10.1.rhaos4.14.el9

• redhat•butane

  < 0:0.19.0-1.1.rhaos4.14.el8

• redhat•butane-debuginfo

  < 0:0.19.0-1.1.rhaos4.14.el8

• redhat•butane-debugsource

  < 0:0.19.0-1.1.rhaos4.14.el8

• redhat•butane-redistributable

  < 0:0.19.0-1.1.rhaos4.14.el8

• redhat•catch

  < 0:3.3.2-1.el9

• redhat•catch-debuginfo

  < 0:3.3.2-1.el9

• redhat•catch-debugsource

  < 0:3.3.2-1.el9

• redhat•catch-devel

  < 0:3.3.2-1.el9

• redhat•conmon

  < 3:2.1.7-3.1.rhaos4.14.el8 | < 3:2.1.7-3.1.rhaos4.14.el9

• redhat•conmon-debuginfo

  < 3:2.1.7-3.1.rhaos4.14.el8 | < 3:2.1.7-3.1.rhaos4.14.el9

• redhat•conmon-debugsource

  < 3:2.1.7-3.1.rhaos4.14.el8 | < 3:2.1.7-3.1.rhaos4.14.el9

• redhat•container-selinux

  < 3:2.221.0-1.rhaos4.14.el8 | < 3:2.221.0-2.rhaos4.14.el9

• redhat•containernetworking-plugins

  < 0:1.0.1-11.1.rhaos4.14.el8

• redhat•containernetworking-plugins-debuginfo

  < 0:1.0.1-11.1.rhaos4.14.el8

• redhat•containernetworking-plugins-debugsource

  < 0:1.0.1-11.1.rhaos4.14.el8

• redhat•containers-common

  < 2:1-51.rhaos4.14.el8

• redhat•coreos-installer

  < 0:0.17.0-1.rhaos4.14.el8 | < 0:0.17.0-1.rhaos4.14.el9

• redhat•coreos-installer-bootinfra

  < 0:0.17.0-1.rhaos4.14.el8 | < 0:0.17.0-1.rhaos4.14.el9

• redhat•coreos-installer-bootinfra-debuginfo

  < 0:0.17.0-1.rhaos4.14.el8 | < 0:0.17.0-1.rhaos4.14.el9

• redhat•coreos-installer-debuginfo

  < 0:0.17.0-1.rhaos4.14.el8 | < 0:0.17.0-1.rhaos4.14.el9

• redhat•coreos-installer-debugsource

  < 0:0.17.0-1.rhaos4.14.el8 | < 0:0.17.0-1.rhaos4.14.el9

• redhat•coreos-installer-dracut

  < 0:0.17.0-1.rhaos4.14.el8 | < 0:0.17.0-1.rhaos4.14.el9

• redhat•cri-o

  < 0:1.27.1-8.1.rhaos4.14.git3fecb83.el8 | < 0:1.27.1-8.1.rhaos4.14.git3fecb83.el9

• redhat•cri-o-debuginfo

  < 0:1.27.1-8.1.rhaos4.14.git3fecb83.el8 | < 0:1.27.1-8.1.rhaos4.14.git3fecb83.el9

• redhat•cri-o-debugsource

  < 0:1.27.1-8.1.rhaos4.14.git3fecb83.el8 | < 0:1.27.1-8.1.rhaos4.14.git3fecb83.el9

• redhat•cri-tools

  < 0:1.27.0-2.1.el8 | < 0:1.27.0-2.1.el9

• redhat•cri-tools-debuginfo

  < 0:1.27.0-2.1.el8 | < 0:1.27.0-2.1.el9

• redhat•cri-tools-debugsource

  < 0:1.27.0-2.1.el8 | < 0:1.27.0-2.1.el9

• redhat•crun

  < 0:1.9.2-1.rhaos4.14.el8 | < 0:1.9.2-1.rhaos4.14.el9

• redhat•crun-debuginfo

  < 0:1.9.2-1.rhaos4.14.el8 | < 0:1.9.2-1.rhaos4.14.el9

• redhat•crun-debugsource

  < 0:1.9.2-1.rhaos4.14.el8 | < 0:1.9.2-1.rhaos4.14.el9

• redhat•crun-wasm

  < 0:0.0-3.rhaos4.14.el8 | < 0:1.8.5-3.rhaos4.14.el9

• redhat•crun-wasm-debuginfo

  < 0:1.8.5-3.rhaos4.14.el9

• redhat•crun-wasm-debugsource

  < 0:1.8.5-3.rhaos4.14.el9

• redhat•fmt

  < 0:9.1.0-1.el9

• redhat•fmt-debuginfo

  < 0:9.1.0-1.el9

• redhat•fmt-debugsource

  < 0:9.1.0-1.el9

• redhat•fmt-devel

  < 0:9.1.0-1.el9

• redhat•gmock

  < 0:1.13.0-1.el9

• redhat•gmock-debuginfo

  < 0:1.13.0-1.el9

Showing first 50 affected entries in server-rendered view.

References (101)

• https://access.redhat.com/errata/RHSA-2023:5009
• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/RHSB-2023-001
• https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
• https://bugzilla.redhat.com/show_bug.cgi?id=2124669
• https://bugzilla.redhat.com/show_bug.cgi?id=2212085
• https://bugzilla.redhat.com/show_bug.cgi?id=2213279
• https://bugzilla.redhat.com/show_bug.cgi?id=2221034
• https://bugzilla.redhat.com/show_bug.cgi?id=2224245
• https://bugzilla.redhat.com/show_bug.cgi?id=2228689
• https://bugzilla.redhat.com/show_bug.cgi?id=2237773
• https://bugzilla.redhat.com/show_bug.cgi?id=2237776
• https://bugzilla.redhat.com/show_bug.cgi?id=2237777
• https://bugzilla.redhat.com/show_bug.cgi?id=2237778
• https://bugzilla.redhat.com/show_bug.cgi?id=2242803
• https://bugzilla.redhat.com/show_bug.cgi?id=2243296
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5009.json
• https://access.redhat.com/security/cve/CVE-2022-27664
• https://www.cve.org/CVERecord?id=CVE-2022-27664
• https://nvd.nist.gov/vuln/detail/CVE-2022-27664
• https://go.dev/issue/54658
• https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ
• https://access.redhat.com/security/cve/CVE-2023-2727
• https://bugzilla.redhat.com/show_bug.cgi?id=2211322
• https://www.cve.org/CVERecord?id=CVE-2023-2727
• https://nvd.nist.gov/vuln/detail/CVE-2023-2727
• https://github.com/kubernetes/kubernetes/issues/118640
• https://access.redhat.com/security/cve/CVE-2023-2728
• https://bugzilla.redhat.com/show_bug.cgi?id=2211348
• https://www.cve.org/CVERecord?id=CVE-2023-2728
• https://nvd.nist.gov/vuln/detail/CVE-2023-2728
• https://access.redhat.com/security/cve/CVE-2023-3089
• https://www.cve.org/CVERecord?id=CVE-2023-3089
• https://nvd.nist.gov/vuln/detail/CVE-2023-3089
• https://access.redhat.com/security/cve/CVE-2023-3153
• https://www.cve.org/CVERecord?id=CVE-2023-3153
• https://nvd.nist.gov/vuln/detail/CVE-2023-3153
• https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd
• https://github.com/ovn-org/ovn/issues/198
• https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html
• https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html
• https://access.redhat.com/security/cve/CVE-2023-3978
• https://www.cve.org/CVERecord?id=CVE-2023-3978
• https://nvd.nist.gov/vuln/detail/CVE-2023-3978
• https://go.dev/cl/514896
• https://go.dev/issue/61615
• https://pkg.go.dev/vuln/GO-2023-1988
• https://access.redhat.com/security/cve/CVE-2023-29409
• https://bugzilla.redhat.com/show_bug.cgi?id=2228743
• https://www.cve.org/CVERecord?id=CVE-2023-29409
• https://nvd.nist.gov/vuln/detail/CVE-2023-29409
• https://go.dev/cl/515257
• https://go.dev/issue/61460
• https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ
• https://pkg.go.dev/vuln/GO-2023-1987
• https://access.redhat.com/security/cve/CVE-2023-29824
• https://www.cve.org/CVERecord?id=CVE-2023-29824
• https://nvd.nist.gov/vuln/detail/CVE-2023-29824
• http://www.square16.org/achievement/cve-2023-29824/
• https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
• https://access.redhat.com/security/cve/CVE-2023-37788
• https://www.cve.org/CVERecord?id=CVE-2023-37788
• https://nvd.nist.gov/vuln/detail/CVE-2023-37788
• https://github.com/advisories/GHSA-4r8x-2p26-976p
• https://github.com/elazarl/goproxy/issues/502
• https://github.com/elazarl/goproxy/pull/507
• https://access.redhat.com/security/cve/CVE-2023-39318
• https://www.cve.org/CVERecord?id=CVE-2023-39318
• https://nvd.nist.gov/vuln/detail/CVE-2023-39318
• https://go.dev/cl/526156
• https://go.dev/issue/62196
• https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
• https://vuln.go.dev/ID/GO-2023-2041.json
• https://access.redhat.com/security/cve/CVE-2023-39319
• https://www.cve.org/CVERecord?id=CVE-2023-39319
• https://nvd.nist.gov/vuln/detail/CVE-2023-39319
• https://go.dev/cl/526157
• https://go.dev/issue/62197
• https://vuln.go.dev/ID/GO-2023-2043.json
• https://access.redhat.com/security/cve/CVE-2023-39321
• https://www.cve.org/CVERecord?id=CVE-2023-39321
• https://nvd.nist.gov/vuln/detail/CVE-2023-39321
• https://go.dev/cl/523039
• https://go.dev/issue/62266
• https://vuln.go.dev/ID/GO-2023-2044.json
• https://access.redhat.com/security/cve/CVE-2023-39322
• https://www.cve.org/CVERecord?id=CVE-2023-39322
• https://nvd.nist.gov/vuln/detail/CVE-2023-39322
• https://vuln.go.dev/ID/GO-2023-2045.json
• https://access.redhat.com/security/cve/CVE-2023-39325
• https://www.cve.org/CVERecord?id=CVE-2023-39325
• https://nvd.nist.gov/vuln/detail/CVE-2023-39325
• https://access.redhat.com/security/cve/CVE-2023-44487
• https://go.dev/issue/63417
• https://pkg.go.dev/vuln/GO-2023-2102
• https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
• https://www.cve.org/CVERecord?id=CVE-2023-44487
• https://nvd.nist.gov/vuln/detail/CVE-2023-44487
• https://github.com/dotnet/announcements/issues/277
• https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog