RHSA-2024:0045

Description

Red Hat Security Advisory: OpenShift Container Platform 4.16.0 security update

CVSS Metrics

• v3.1•HIGH•Score: 8.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Systems

• redhat•butane

  < 0:0.21.0-1.rhaos4.16.el8

• redhat•butane-debuginfo

  < 0:0.21.0-1.rhaos4.16.el8

• redhat•butane-debugsource

  < 0:0.21.0-1.rhaos4.16.el8

• redhat•butane-redistributable

  < 0:0.21.0-1.rhaos4.16.el8

• redhat•cri-o

  < 0:1.29.5-5.rhaos4.16.git7032128.el8 | < 0:1.29.5-5.rhaos4.16.git7032128.el9

• redhat•cri-o-debuginfo

  < 0:1.29.5-5.rhaos4.16.git7032128.el8 | < 0:1.29.5-5.rhaos4.16.git7032128.el9

• redhat•cri-o-debugsource

  < 0:1.29.5-5.rhaos4.16.git7032128.el8 | < 0:1.29.5-5.rhaos4.16.git7032128.el9

• redhat•cri-tools

  < 0:1.29.0-3.1.el8 | < 0:1.29.0-3.1.el9

• redhat•cri-tools-debuginfo

  < 0:1.29.0-3.1.el8 | < 0:1.29.0-3.1.el9

• redhat•cri-tools-debugsource

  < 0:1.29.0-3.1.el8 | < 0:1.29.0-3.1.el9

• redhat•golang-github-prometheus-promu

  < 0:0.15.0-15.2.gitd5383c5.el9

• redhat•ignition

  < 0:2.18.0-2.1.rhaos4.16.el9

• redhat•ignition-debuginfo

  < 0:2.18.0-2.1.rhaos4.16.el9

• redhat•ignition-debugsource

  < 0:2.18.0-2.1.rhaos4.16.el9

• redhat•ignition-validate

  < 0:2.18.0-2.1.rhaos4.16.el9

• redhat•ignition-validate-debuginfo

  < 0:2.18.0-2.1.rhaos4.16.el9

• redhat•openshift

  < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el8 | < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el9

• redhat•openshift-hyperkube

  < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el8 | < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el9

• redhat•openshift-kube-apiserver

  < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el8 | < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el9

• redhat•openshift-kube-controller-manager

  < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el8 | < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el9

• redhat•openshift-kube-scheduler

  < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el8 | < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el9

• redhat•openshift-kubelet

  < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el8 | < 0:4.16.0-202406170957.p0.g29c95f3.assembly.stream.el9

• redhat•openshift-prometheus-promu

  < 0:0.15.0-15.2.gitd5383c5.el9

• redhat•ose-aws-ecr-image-credential-provider

  < 0:4.16.0-202405311136.p0.ga53e9de.assembly.stream.el8 | < 0:4.16.0-202405311136.p0.ga53e9de.assembly.stream.el9

• redhat•ose-azure-acr-image-credential-provider

  < 0:4.16.0-202404301345.p0.g0e95532.assembly.stream.el8 | < 0:4.16.0-202404301345.p0.g0e95532.assembly.stream.el9

• redhat•ose-gcp-gcr-image-credential-provider

  < 0:4.16.0-202404181812.p0.g26b43df.assembly.stream.el8 | < 0:4.16.0-202404181812.p0.g26b43df.assembly.stream.el9

• redhat•podman

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-catatonit

  < 4:4.9.4-5.1.rhaos4.16.el8

• redhat•podman-catatonit-debuginfo

  < 4:4.9.4-5.1.rhaos4.16.el8

• redhat•podman-debuginfo

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-debugsource

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-docker

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-gvproxy

  < 4:4.9.4-5.1.rhaos4.16.el8

• redhat•podman-gvproxy-debuginfo

  < 4:4.9.4-5.1.rhaos4.16.el8

• redhat•podman-plugins

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-plugins-debuginfo

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-remote

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-remote-debuginfo

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•podman-tests

  < 4:4.9.4-5.1.rhaos4.16.el8 | < 4:4.9.4-5.1.rhaos4.16.el9

• redhat•python-eventlet

  < 0:0.33.1-6.el9

• redhat•python3-eventlet

  < 0:0.33.1-6.el9

• redhat•runc

  < 4:1.1.12-3.1.rhaos4.16.el8 | < 4:1.1.12-3.1.rhaos4.16.el9

• redhat•runc-debuginfo

  < 4:1.1.12-3.1.rhaos4.16.el8 | < 4:1.1.12-3.1.rhaos4.16.el9

• redhat•runc-debugsource

  < 4:1.1.12-3.1.rhaos4.16.el8 | < 4:1.1.12-3.1.rhaos4.16.el9

• redhat•skopeo

  < 2:1.14.4-1.rhaos4.16.el8 | < 2:1.14.4-1.rhaos4.16.el9

• redhat•skopeo-debuginfo

  < 2:1.14.4-1.rhaos4.16.el9

• redhat•skopeo-debugsource

  < 2:1.14.4-1.rhaos4.16.el9

• redhat•skopeo-tests

  < 2:1.14.4-1.rhaos4.16.el8 | < 2:1.14.4-1.rhaos4.16.el9

References (60)

• https://access.redhat.com/errata/RHSA-2024:0045
• https://access.redhat.com/security/updates/classification/#important
• https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html
• https://bugzilla.redhat.com/show_bug.cgi?id=2262921
• https://bugzilla.redhat.com/show_bug.cgi?id=2268017
• https://bugzilla.redhat.com/show_bug.cgi?id=2268018
• https://bugzilla.redhat.com/show_bug.cgi?id=2268019
• https://bugzilla.redhat.com/show_bug.cgi?id=2268021
• https://bugzilla.redhat.com/show_bug.cgi?id=2268022
• https://bugzilla.redhat.com/show_bug.cgi?id=2268046
• https://bugzilla.redhat.com/show_bug.cgi?id=2268820
• https://bugzilla.redhat.com/show_bug.cgi?id=2274520
• https://bugzilla.redhat.com/show_bug.cgi?id=2274767
• https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0045.json
• https://access.redhat.com/security/cve/CVE-2023-29483
• https://www.cve.org/CVERecord?id=CVE-2023-29483
• https://nvd.nist.gov/vuln/detail/CVE-2023-29483
• https://www.dnspython.org/news/2.6.0rc1/
• https://access.redhat.com/security/cve/CVE-2023-45289
• https://www.cve.org/CVERecord?id=CVE-2023-45289
• https://nvd.nist.gov/vuln/detail/CVE-2023-45289
• https://access.redhat.com/security/cve/CVE-2023-45290
• https://www.cve.org/CVERecord?id=CVE-2023-45290
• https://nvd.nist.gov/vuln/detail/CVE-2023-45290
• http://www.openwall.com/lists/oss-security/2024/03/08/4
• https://go.dev/cl/569341
• https://go.dev/issue/65383
• https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
• https://pkg.go.dev/vuln/GO-2024-2599
• https://security.netapp.com/advisory/ntap-20240329-0004
• https://access.redhat.com/security/cve/CVE-2024-3727
• https://www.cve.org/CVERecord?id=CVE-2024-3727
• https://nvd.nist.gov/vuln/detail/CVE-2024-3727
• https://access.redhat.com/security/cve/CVE-2024-24783
• https://www.cve.org/CVERecord?id=CVE-2024-24783
• https://nvd.nist.gov/vuln/detail/CVE-2024-24783
• https://github.com/advisories/GHSA-3q2c-pvp5-3cqp
• https://go.dev/cl/569339
• https://go.dev/issue/65390
• https://pkg.go.dev/vuln/GO-2024-2598
• https://security.netapp.com/advisory/ntap-20240329-0005
• https://access.redhat.com/security/cve/CVE-2024-24784
• https://www.cve.org/CVERecord?id=CVE-2024-24784
• https://nvd.nist.gov/vuln/detail/CVE-2024-24784
• https://access.redhat.com/security/cve/CVE-2024-24785
• https://www.cve.org/CVERecord?id=CVE-2024-24785
• https://nvd.nist.gov/vuln/detail/CVE-2024-24785
• https://go.dev/cl/564196
• https://go.dev/issue/65697
• https://vuln.go.dev/ID/GO-2024-2610.json
• https://access.redhat.com/security/cve/CVE-2024-24786
• https://www.cve.org/CVERecord?id=CVE-2024-24786
• https://nvd.nist.gov/vuln/detail/CVE-2024-24786
• https://go.dev/cl/569356
• https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/
• https://pkg.go.dev/vuln/GO-2024-2611
• https://access.redhat.com/security/cve/CVE-2024-28176
• https://www.cve.org/CVERecord?id=CVE-2024-28176
• https://nvd.nist.gov/vuln/detail/CVE-2024-28176
• https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q