-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift API for Data Protection (OADP) 1.0.11 security and bug fix update Advisory ID: RHSA-2023:4289-01 Product: OpenShift API for Data Protection Advisory URL: https://access.redhat.com/errata/RHSA-2023:4289 Issue date: 2023-07-27 CVE Names: CVE-2020-24736 CVE-2022-48281 CVE-2023-1667 CVE-2023-2283 CVE-2023-24540 CVE-2023-26604 ===================================================================== 1. Summary: OpenShift API for Data Protection (OADP) 1.0.11 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es) from Bugzilla: * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace 5. JIRA issues fixed (https://issues.redhat.com/): OADP-1504 - oadp-1.0: Restoring pod using image from openshift build randomly ImagePullBackoff 6. References: https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2022-48281 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-26604 https://access.redhat.com/security/updates/classification/#important 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkxCC+AAoJENzjgjWX9erEL74P+wZeJaHj4sqBTgCle1QC2ylN mLpWyUC5heY8E6h21jqr1cgh4Opf3M0NJdIn3R3OkyeXMuXNlCdyI6RGZg7DHE0f E0lc8WAOqpZvHiR9J2YOb1aOWwTUInvXYX5viR5oXnw+2oyTfuVgfYbW12MKzryH IxvCEnRBh1Frp5CPa7M+bctBJjt72rhzvu8xRRdeyjDmq/K/MCLYDTB2+BhyaZEr xsmwf6qcTuSbza7nXdUaqfs3riTYtXDZMp42inyuCr4xwBMoTzVyNciacw586stD BKJ3QYdxB2tu5v7+b8QuNhWQdCURwfFegdch/tlw0V5QqBHnGHe+lRt17K7CIm+h 53rrM5Oc57nR5SxY4nDsX1OOtc/aHpEMZsqcgv7GF4YWjt//qcL87zxRNKoL+byJ jqFrxO3eU9DBd1jDLtHaoNlrCNb/eXd00wlLxPTDYEr8tc1R2Skep3iNaZ9fDNEX chIvtTvNKcfXyHL3GhStzfCumQlVuA8vkZAzSCyZ3KxrMZcjpyp8dE0nCiGdHRgX JlNZnxWQaadZj8ZyxXo+50/XDqAtQc4kNFyoSB2mKeBx7bwcmb+jGqtrwonpx3S+ Jklo8UxGYNCkJoEez9S+970pc6jTvr1xZo6Mqpr3lMFZ8QYkhHLExvyWy9P8BzCw aZcVairD+7OHWeKtNhzx =ADOo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce