=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform (collectd-libpod-stats) security update
Advisory ID:       RHSA-2023:1276-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1276
Issue date:        2023-03-15
CVE Names:         CVE-2022-41717
=====================================================================

1. Summary:

An update for collectd-libpod-stats is now available for Red Hat OpenStack
Platform.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64
Red Hat OpenStack Platform 16.2 - ppc64le, x86_64

3. Description:

Collectd plugin for gathering resource usage statistics from containers
created with the libpod library.

Security Fix(es):

* net/http: An attacker can cause excessive memory growth in a Go server
accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
collectd-libpod-stats-1.0.4-3.el8ost.src.rpm

ppc64le:
collectd-libpod-stats-1.0.4-3.el8ost.ppc64le.rpm

x86_64:
collectd-libpod-stats-1.0.4-3.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:
collectd-libpod-stats-1.0.4-3.el8ost.src.rpm

ppc64le:
collectd-libpod-stats-1.0.4-3.el8ost.ppc64le.rpm

x86_64:
collectd-libpod-stats-1.0.4-3.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce