what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2024-0040-03

Red Hat Security Advisory 2024-0040-03
Posted Aug 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0040-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 2aa2e283554f7ec4bef065c8391eaae40310166f90549b343f6dee03125f1baf
Download | Favorite | View

Red Hat Security Advisory 2024-0040-03

Change Mirror Download


The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0040.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.16.0 security and extras update
Advisory ID:        RHSA-2024:0040-03
Product:            Red Hat OpenShift Enterprise
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0040
Issue date:         2024-08-19
Revision:           03
CVE Names:          CVE-2023-48795
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.16.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.




Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.16.0. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2024:0041

Security Fix(es):

* ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite
loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
(CVE-2024-24786)
* cloudevents/sdk-go: usage of WithRoundTripper to create a Client leaks
credentials (CVE-2024-28110)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2023-48795

References:

https://access.redhat.com/security/updates/classification/#critical
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://bugzilla.redhat.com/show_bug.cgi?id=2268372
https://issues.redhat.com/browse/OCPBUGS-24231
https://issues.redhat.com/browse/OCPBUGS-24435
https://issues.redhat.com/browse/OCPBUGS-24595
https://issues.redhat.com/browse/OCPBUGS-24822
https://issues.redhat.com/browse/OCPBUGS-24869
https://issues.redhat.com/browse/OCPBUGS-24870
https://issues.redhat.com/browse/OCPBUGS-24882
https://issues.redhat.com/browse/OCPBUGS-24891
https://issues.redhat.com/browse/OCPBUGS-24901
https://issues.redhat.com/browse/OCPBUGS-24951
https://issues.redhat.com/browse/OCPBUGS-24982
https://issues.redhat.com/browse/OCPBUGS-25010
https://issues.redhat.com/browse/OCPBUGS-25031
https://issues.redhat.com/browse/OCPBUGS-25430
https://issues.redhat.com/browse/OCPBUGS-25568
https://issues.redhat.com/browse/OCPBUGS-25853
https://issues.redhat.com/browse/OCPBUGS-25986
https://issues.redhat.com/browse/OCPBUGS-27053
https://issues.redhat.com/browse/OCPBUGS-27197
https://issues.redhat.com/browse/OCPBUGS-27301
https://issues.redhat.com/browse/OCPBUGS-27407
https://issues.redhat.com/browse/OCPBUGS-28215
https://issues.redhat.com/browse/OCPBUGS-28248
https://issues.redhat.com/browse/OCPBUGS-28715
https://issues.redhat.com/browse/OCPBUGS-29171
https://issues.redhat.com/browse/OCPBUGS-29692
https://issues.redhat.com/browse/OCPBUGS-30926
https://issues.redhat.com/browse/OCPBUGS-31362
https://issues.redhat.com/browse/OCPBUGS-31554
https://issues.redhat.com/browse/OCPBUGS-31586
https://issues.redhat.com/browse/OCPBUGS-32054
https://issues.redhat.com/browse/OCPBUGS-32317
https://issues.redhat.com/browse/OCPBUGS-32443
https://issues.redhat.com/browse/OCPBUGS-33186
https://issues.redhat.com/browse/OCPBUGS-33988
https://issues.redhat.com/browse/OCPBUGS-34582

Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    50 Files
  • 15
    Aug 15th
    33 Files
  • 16
    Aug 16th
    23 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    43 Files
  • 20
    Aug 20th
    29 Files
  • 21
    Aug 21st
    42 Files
  • 22
    Aug 22nd
    26 Files
  • 23
    Aug 23rd
    25 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close