exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-2023-01

Red Hat Security Advisory 2023-2023-01
Posted Apr 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-40186, CVE-2022-40897, CVE-2022-4304, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916
SHA-256 | c6904d9c5fef64669837a2ad40e8be5c2049a68a8cf769b21ca87ac743de8433

Red Hat Security Advisory 2023-2023-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update
Advisory ID: RHSA-2023:2023-01
Product: RHODF
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2023
Issue date: 2023-04-26
CVE Names: CVE-2020-10735 CVE-2021-28861 CVE-2022-4304
CVE-2022-4415 CVE-2022-4450 CVE-2022-40186
CVE-2022-40897 CVE-2022-45061 CVE-2022-48303
CVE-2023-0215 CVE-2023-0286 CVE-2023-0361
CVE-2023-23916
=====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat
OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat
Container Registry.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat
OpenShift Data Foundation is a highly scalable, production-grade persistent
storage for stateful applications running in the Red Hat OpenShift
Container Platform. In addition to persistent storage, Red Hat OpenShift
Data Foundation provisions a multicloud data management service with an S3
compatible API.

Security Fix(es):

* vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same
Name Assigned To The Same Entity (CVE-2022-40186)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All users of Red Hat OpenShift Data Foundation are advised to upgrade to
these updated images, which provide several bug fixes.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2171965 - [4.11 clone] Secrets are used in env variables
2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv
2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs
2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-40186
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZEkQztzjgjWX9erEAQgqiQ//QNYPbRoFnC155vDFDqfb/Xen4MISMAL3
0ttVhQtlpAFvDpawOGKSU6VpSg5RTdjMebmGdJ33CiP/BQTyU+jA0jwVFlo47mqi
gfMKWhyn36+Y/Jy/n3QAbM3AoZpojuqHHac+nu5PipUVo2qUe8CvqG/yqb/bx/0P
mAMpbC2CWead2YRsWRAyTtwODCp5LV12X9zKQN4lLd04KEsYHBxKM4FnMA/FuY25
j39k/hGLvH7bH45okcnE/36aiGtiwPMnpg8Vilt0kBCGlSZTnhbs1wrJ7rsdoECi
+g2jA62Rfnb4I8/u9L16RZeKagM76nNlkeCPvgW7SyXOcuHiE/uK3e6XkrqxT9I/
v1bjt7w3KVuJKIz48XOsIVnUZ6XpbMdHUQAmTjYOBR59Fpjh3eKlV294XY97FqSk
LWH9PC6A347xrwEPx8A0xtVAYH91Kxn2IL5qHB9NxQpUffZhBHj5er8gowIpGvUN
PyhjibxA38UFhNNVYvgDNFC547V56KlJGwczuTAMVdyVLCPId86Rvo3PqM1gv567
iS14t91UNPWhkPkfibQy+jnI2YJuIKjuDYEIBto3Ys4Zmf8ha2WKx8B+PN7KNe8R
0z6xsMUrj+CHbBkuq1rPE+CW0XbXqsb1vRP2H2ucTByStag163Ll833x//FvOE/l
SN9bgU5rjbk=
=T/2V
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close