====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Virtualization 4.13.4 security and bug fix update
Advisory ID:       RHSA-2023:5233-01
Product:           OpenShift Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5233
Issue date:        2023-09-19
CVE Names:         CVE-2016-3709 CVE-2022-41723 CVE-2023-1637
                   CVE-2023-2602 CVE-2023-2603 CVE-2023-3354
                   CVE-2023-3390 CVE-2023-3610 CVE-2023-3776
                   CVE-2023-3899 CVE-2023-4004 CVE-2023-4147
                   CVE-2023-20593 CVE-2023-21102 CVE-2023-30630
                   CVE-2023-31248 CVE-2023-34969 CVE-2023-35001
====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 4.13.4 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.13.4 images.

Security Fix(es):

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK
decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* USB-redirection regression (BZ#2221220)

* DataImportCron DVs do not respond to default storage class being set
(BZ#2232347)

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2221220 - USB-redirection regression
2232347 - DataImportCron DVs do not respond to default storage class being set

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2023-1637
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-3354
https://access.redhat.com/security/cve/CVE-2023-3390
https://access.redhat.com/security/cve/CVE-2023-3610
https://access.redhat.com/security/cve/CVE-2023-3776
https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4004
https://access.redhat.com/security/cve/CVE-2023-4147
https://access.redhat.com/security/cve/CVE-2023-20593
https://access.redhat.com/security/cve/CVE-2023-21102
https://access.redhat.com/security/cve/CVE-2023-30630
https://access.redhat.com/security/cve/CVE-2023-31248
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/cve/CVE-2023-35001
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce