
Red Hat Security Advisory 2023-1174-01

Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-46848, CVE-2022-1122, CVE-2022-1304, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-25308
SHA-256 | 067f297c38a2dd5218391ae226ff4d6d71cc034be263ac73a3d02317d7de3604

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update
Advisory ID: RHSA-2023:1174-01
Product: OpenShift API for Data Protection
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1174
Issue date: 2023-03-09
CVE Names: CVE-2021-46848 CVE-2022-1122 CVE-2022-1304
CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
CVE-2022-2519 CVE-2022-2520 CVE-2022-2521
CVE-2022-2867 CVE-2022-2868 CVE-2022-2869
CVE-2022-2879 CVE-2022-2880 CVE-2022-2953
CVE-2022-4415 CVE-2022-4883 CVE-2022-22624
CVE-2022-22628 CVE-2022-22629 CVE-2022-22662
CVE-2022-25308 CVE-2022-25309 CVE-2022-25310
CVE-2022-26700 CVE-2022-26709 CVE-2022-26710
CVE-2022-26716 CVE-2022-26717 CVE-2022-26719
CVE-2022-27404 CVE-2022-27405 CVE-2022-27406
CVE-2022-30293 CVE-2022-35737 CVE-2022-40303
CVE-2022-40304 CVE-2022-41715 CVE-2022-41717
CVE-2022-42010 CVE-2022-42011 CVE-2022-42012
CVE-2022-42898 CVE-2022-43680 CVE-2022-44617
CVE-2022-46285 CVE-2022-47629 CVE-2022-48303
=====================================================================

1. Summary:

OpenShift API for Data Protection (OADP) 1.1.2 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore
application resources, persistent volume data, and internal container
images to external backup storage. OADP enables both file system-based and
snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

* golang: archive/tar: unbounded memory consumption when reading headers
(CVE-2022-2879)

* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)

* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)

* golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests (CVE-2022-41717)
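
The ReverseProxy item above (CVE-2022-2880) concerns a proxy forwarding query parameters that its own parser rejects, so a backend that parses them differently may see parameters the proxy never checked. The following is an added example, not code from Red Hat, OADP or the Go project: it filters a raw query down to the pairs net/url accepts before a Director hands the request on, and reports what it dropped so the event can be logged. The helper names (cleanQuery, droppedParams, newHardenedProxy) and the backend/proxy hostnames are constructed for the example; the patched Go releases perform an equivalent cleanup inside ReverseProxy itself, so this is shown for understanding and for defence in depth on older toolchains.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// cleanQuery keeps only the key=value pairs of a raw query string that
// url.ParseQuery accepts and drops everything else. ParseQuery rejects
// pairs containing ';' and pairs with malformed %-escapes; those are the
// values a backend might interpret differently from the proxy.
func cleanQuery(raw string) string {
	if raw == "" {
		return ""
	}
	var kept []string
	for _, pair := range strings.Split(raw, "&") {
		if pair == "" {
			continue
		}
		if _, err := url.ParseQuery(pair); err != nil {
			continue // unparseable: do not forward it
		}
		kept = append(kept, pair)
	}
	return strings.Join(kept, "&")
}

// droppedParams returns the pairs cleanQuery would discard, so the proxy
// can record them as a detection signal.
func droppedParams(raw string) []string {
	var dropped []string
	for _, pair := range strings.Split(raw, "&") {
		if pair == "" {
			continue
		}
		if _, err := url.ParseQuery(pair); err != nil {
			dropped = append(dropped, pair)
		}
	}
	return dropped
}

// newHardenedProxy (hypothetical helper) wraps NewSingleHostReverseProxy so
// that the forwarded request carries only parseable query parameters.
func newHardenedProxy(backend *url.URL) *httputil.ReverseProxy {
	proxy := httputil.NewSingleHostReverseProxy(backend)
	inner := proxy.Director
	proxy.Director = func(req *http.Request) {
		inner(req) // standard host/path rewriting first
		if dropped := droppedParams(req.URL.RawQuery); len(dropped) > 0 {
			fmt.Printf("dropped unparseable query params: %v\n", dropped)
		}
		req.URL.RawQuery = cleanQuery(req.URL.RawQuery)
	}
	return proxy
}

func main() {
	// Constructed sample: a backend target and an inbound request carrying one
	// clean parameter, one semicolon-separated pair and one bad escape.
	backend, _ := url.Parse("http://backend.internal:8080")
	proxy := newHardenedProxy(backend)
	req, _ := http.NewRequest("GET",
		"http://proxy.local/api?user=alice&role=admin;x=1&tok=%zz", nil)
	proxy.Director(req)
	fmt.Println(req.URL.String()) // http://backend.internal:8080/api?user=alice
}
```

Filtering per pair rather than calling url.ParseQuery once on the whole string matters: ParseQuery returns only the first error and silently skips the offending pairs, so a single call would tell you that something was wrong but not which parameters to log.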

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OADP-1056 - DPA fails validation if multiple BSLs have the same provider
OADP-1150 - Handle docker env config changes in the oadp-operator
OADP-1217 - update velero + restic to 1.9.5
OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed
OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found"
OADP-290 - Remove creation/usage of velero-privileged SCC

6. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1122
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2056
https://access.redhat.com/security/cve/CVE-2022-2057
https://access.redhat.com/security/cve/CVE-2022-2058
https://access.redhat.com/security/cve/CVE-2022-2519
https://access.redhat.com/security/cve/CVE-2022-2520
https://access.redhat.com/security/cve/CVE-2022-2521
https://access.redhat.com/security/cve/CVE-2022-2867
https://access.redhat.com/security/cve/CVE-2022-2868
https://access.redhat.com/security/cve/CVE-2022-2869
https://access.redhat.com/security/cve/CVE-2022-2879
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-2953
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4883
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-25308
https://access.redhat.com/security/cve/CVE-2022-25309
https://access.redhat.com/security/cve/CVE-2022-25310
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-42010
https://access.redhat.com/security/cve/CVE-2022-42011
https://access.redhat.com/security/cve/CVE-2022-42012
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-43680
https://access.redhat.com/security/cve/CVE-2022-44617
https://access.redhat.com/security/cve/CVE-2022-46285
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce