The following data is constructed from data provided by Red Hat's json file at:

    https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6817.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis:           Important: OpenShift Virtualization 4.14.0 Images security and bug fix update
Advisory ID:        RHSA-2023:6817-01
Product:            OpenShift Virtualization
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6817
Issue date:         2023-11-08
Revision:           01
CVE Names:          CVE-2021-20329
====================================================================

Summary:

Red Hat OpenShift Virtualization release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.14.0 images.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
* containerd: OCI image importer memory exhaustion (CVE-2023-25153)
* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-20329

References:

https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://bugzilla.redhat.com/show_bug.cgi?id=1971033 https://bugzilla.redhat.com/show_bug.cgi?id=2017623 https://bugzilla.redhat.com/show_bug.cgi?id=2027959 https://bugzilla.redhat.com/show_bug.cgi?id=2036027 https://bugzilla.redhat.com/show_bug.cgi?id=2054863 https://bugzilla.redhat.com/show_bug.cgi?id=2064160 https://bugzilla.redhat.com/show_bug.cgi?id=2070033 https://bugzilla.redhat.com/show_bug.cgi?id=2089301 https://bugzilla.redhat.com/show_bug.cgi?id=2092271 https://bugzilla.redhat.com/show_bug.cgi?id=2092412 https://bugzilla.redhat.com/show_bug.cgi?id=2094734 https://bugzilla.redhat.com/show_bug.cgi?id=2095221 https://bugzilla.redhat.com/show_bug.cgi?id=2132473 https://bugzilla.redhat.com/show_bug.cgi?id=2135381 https://bugzilla.redhat.com/show_bug.cgi?id=2145102 https://bugzilla.redhat.com/show_bug.cgi?id=2149913 https://bugzilla.redhat.com/show_bug.cgi?id=2151200
https://bugzilla.redhat.com/show_bug.cgi?id=2151237 https://bugzilla.redhat.com/show_bug.cgi?id=2151248 https://bugzilla.redhat.com/show_bug.cgi?id=2151826 https://bugzilla.redhat.com/show_bug.cgi?id=2154317 https://bugzilla.redhat.com/show_bug.cgi?id=2156525 https://bugzilla.redhat.com/show_bug.cgi?id=2158550 https://bugzilla.redhat.com/show_bug.cgi?id=2160622 https://bugzilla.redhat.com/show_bug.cgi?id=2161184 https://bugzilla.redhat.com/show_bug.cgi?id=2167660 https://bugzilla.redhat.com/show_bug.cgi?id=2168749 https://bugzilla.redhat.com/show_bug.cgi?id=2169361 https://bugzilla.redhat.com/show_bug.cgi?id=2170437 https://bugzilla.redhat.com/show_bug.cgi?id=2170699 https://bugzilla.redhat.com/show_bug.cgi?id=2172390 https://bugzilla.redhat.com/show_bug.cgi?id=2172544 https://bugzilla.redhat.com/show_bug.cgi?id=2172945 https://bugzilla.redhat.com/show_bug.cgi?id=2173525 https://bugzilla.redhat.com/show_bug.cgi?id=2174289 https://bugzilla.redhat.com/show_bug.cgi?id=2174473 https://bugzilla.redhat.com/show_bug.cgi?id=2174485 https://bugzilla.redhat.com/show_bug.cgi?id=2174744 https://bugzilla.redhat.com/show_bug.cgi?id=2174859 https://bugzilla.redhat.com/show_bug.cgi?id=2174892 https://bugzilla.redhat.com/show_bug.cgi?id=2175651 https://bugzilla.redhat.com/show_bug.cgi?id=2175990 https://bugzilla.redhat.com/show_bug.cgi?id=2176216 https://bugzilla.redhat.com/show_bug.cgi?id=2176727 https://bugzilla.redhat.com/show_bug.cgi?id=2176745 https://bugzilla.redhat.com/show_bug.cgi?id=2176746 https://bugzilla.redhat.com/show_bug.cgi?id=2176756 https://bugzilla.redhat.com/show_bug.cgi?id=2176797 https://bugzilla.redhat.com/show_bug.cgi?id=2177279 https://bugzilla.redhat.com/show_bug.cgi?id=2177969 https://bugzilla.redhat.com/show_bug.cgi?id=2177977 https://bugzilla.redhat.com/show_bug.cgi?id=2178349 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://bugzilla.redhat.com/show_bug.cgi?id=2179660 
https://bugzilla.redhat.com/show_bug.cgi?id=2179917 https://bugzilla.redhat.com/show_bug.cgi?id=2180664 https://bugzilla.redhat.com/show_bug.cgi?id=2180666 https://bugzilla.redhat.com/show_bug.cgi?id=2180719 https://bugzilla.redhat.com/show_bug.cgi?id=2180790 https://bugzilla.redhat.com/show_bug.cgi?id=2180931 https://bugzilla.redhat.com/show_bug.cgi?id=2181323 https://bugzilla.redhat.com/show_bug.cgi?id=2181432 https://bugzilla.redhat.com/show_bug.cgi?id=2181515 https://bugzilla.redhat.com/show_bug.cgi?id=2181920 https://bugzilla.redhat.com/show_bug.cgi?id=2182000 https://bugzilla.redhat.com/show_bug.cgi?id=2182056 https://bugzilla.redhat.com/show_bug.cgi?id=2182172 https://bugzilla.redhat.com/show_bug.cgi?id=2182233 https://bugzilla.redhat.com/show_bug.cgi?id=2182317 https://bugzilla.redhat.com/show_bug.cgi?id=2182362 https://bugzilla.redhat.com/show_bug.cgi?id=2182938 https://bugzilla.redhat.com/show_bug.cgi?id=2183076 https://bugzilla.redhat.com/show_bug.cgi?id=2183082 https://bugzilla.redhat.com/show_bug.cgi?id=2183491 https://bugzilla.redhat.com/show_bug.cgi?id=2183659 https://bugzilla.redhat.com/show_bug.cgi?id=2183915 https://bugzilla.redhat.com/show_bug.cgi?id=2183979 https://bugzilla.redhat.com/show_bug.cgi?id=2183995 https://bugzilla.redhat.com/show_bug.cgi?id=2184058 https://bugzilla.redhat.com/show_bug.cgi?id=2184063 https://bugzilla.redhat.com/show_bug.cgi?id=2184098 https://bugzilla.redhat.com/show_bug.cgi?id=2184860 https://bugzilla.redhat.com/show_bug.cgi?id=2185076 https://bugzilla.redhat.com/show_bug.cgi?id=2186462 https://bugzilla.redhat.com/show_bug.cgi?id=2186592 https://bugzilla.redhat.com/show_bug.cgi?id=2186763 https://bugzilla.redhat.com/show_bug.cgi?id=2187242 https://bugzilla.redhat.com/show_bug.cgi?id=2187524 https://bugzilla.redhat.com/show_bug.cgi?id=2187664 https://bugzilla.redhat.com/show_bug.cgi?id=2187971 https://bugzilla.redhat.com/show_bug.cgi?id=2188010 https://bugzilla.redhat.com/show_bug.cgi?id=2188144 
https://bugzilla.redhat.com/show_bug.cgi?id=2188226 https://bugzilla.redhat.com/show_bug.cgi?id=2188244 https://bugzilla.redhat.com/show_bug.cgi?id=2188502 https://bugzilla.redhat.com/show_bug.cgi?id=2188886 https://bugzilla.redhat.com/show_bug.cgi?id=2189272 https://bugzilla.redhat.com/show_bug.cgi?id=2189312 https://bugzilla.redhat.com/show_bug.cgi?id=2189744 https://bugzilla.redhat.com/show_bug.cgi?id=2190171 https://bugzilla.redhat.com/show_bug.cgi?id=2190438 https://bugzilla.redhat.com/show_bug.cgi?id=2190448 https://bugzilla.redhat.com/show_bug.cgi?id=2192577 https://bugzilla.redhat.com/show_bug.cgi?id=2193116 https://bugzilla.redhat.com/show_bug.cgi?id=2193234 https://bugzilla.redhat.com/show_bug.cgi?id=2193266 https://bugzilla.redhat.com/show_bug.cgi?id=2193333 https://bugzilla.redhat.com/show_bug.cgi?id=2196161 https://bugzilla.redhat.com/show_bug.cgi?id=2196429 https://bugzilla.redhat.com/show_bug.cgi?id=2196459 https://bugzilla.redhat.com/show_bug.cgi?id=2196762 https://bugzilla.redhat.com/show_bug.cgi?id=2196765 https://bugzilla.redhat.com/show_bug.cgi?id=2196912 https://bugzilla.redhat.com/show_bug.cgi?id=2203291 https://bugzilla.redhat.com/show_bug.cgi?id=2207468 https://bugzilla.redhat.com/show_bug.cgi?id=2207916 https://bugzilla.redhat.com/show_bug.cgi?id=2209046 https://bugzilla.redhat.com/show_bug.cgi?id=2210070 https://bugzilla.redhat.com/show_bug.cgi?id=2210554 https://bugzilla.redhat.com/show_bug.cgi?id=2210988 https://bugzilla.redhat.com/show_bug.cgi?id=2211057 https://bugzilla.redhat.com/show_bug.cgi?id=2211168 https://bugzilla.redhat.com/show_bug.cgi?id=2211512 https://bugzilla.redhat.com/show_bug.cgi?id=2212289 https://bugzilla.redhat.com/show_bug.cgi?id=2212312 https://bugzilla.redhat.com/show_bug.cgi?id=2212496 https://bugzilla.redhat.com/show_bug.cgi?id=2212498 https://bugzilla.redhat.com/show_bug.cgi?id=2213255 https://bugzilla.redhat.com/show_bug.cgi?id=2214120 https://bugzilla.redhat.com/show_bug.cgi?id=2215285 
https://bugzilla.redhat.com/show_bug.cgi?id=2215756 https://bugzilla.redhat.com/show_bug.cgi?id=2216330 https://bugzilla.redhat.com/show_bug.cgi?id=2216447 https://bugzilla.redhat.com/show_bug.cgi?id=2216449 https://bugzilla.redhat.com/show_bug.cgi?id=2216774 https://bugzilla.redhat.com/show_bug.cgi?id=2217472 https://bugzilla.redhat.com/show_bug.cgi?id=2217848 https://bugzilla.redhat.com/show_bug.cgi?id=2217870 https://bugzilla.redhat.com/show_bug.cgi?id=2217920 https://bugzilla.redhat.com/show_bug.cgi?id=2217956 https://bugzilla.redhat.com/show_bug.cgi?id=2218468 https://bugzilla.redhat.com/show_bug.cgi?id=2219144 https://bugzilla.redhat.com/show_bug.cgi?id=2219763 https://bugzilla.redhat.com/show_bug.cgi?id=2219785 https://bugzilla.redhat.com/show_bug.cgi?id=2219800 https://bugzilla.redhat.com/show_bug.cgi?id=2221461 https://bugzilla.redhat.com/show_bug.cgi?id=2221492 https://bugzilla.redhat.com/show_bug.cgi?id=2221801 https://bugzilla.redhat.com/show_bug.cgi?id=2221921 https://bugzilla.redhat.com/show_bug.cgi?id=2221929 https://bugzilla.redhat.com/show_bug.cgi?id=2221934 https://bugzilla.redhat.com/show_bug.cgi?id=2222008 https://bugzilla.redhat.com/show_bug.cgi?id=2222185 https://bugzilla.redhat.com/show_bug.cgi?id=2222290 https://bugzilla.redhat.com/show_bug.cgi?id=2222451 https://bugzilla.redhat.com/show_bug.cgi?id=2222607 https://bugzilla.redhat.com/show_bug.cgi?id=2223361 https://bugzilla.redhat.com/show_bug.cgi?id=2223539 https://bugzilla.redhat.com/show_bug.cgi?id=2223577 https://bugzilla.redhat.com/show_bug.cgi?id=2223654 https://bugzilla.redhat.com/show_bug.cgi?id=2223669 https://bugzilla.redhat.com/show_bug.cgi?id=2223776 https://bugzilla.redhat.com/show_bug.cgi?id=2223948 https://bugzilla.redhat.com/show_bug.cgi?id=2224104 https://bugzilla.redhat.com/show_bug.cgi?id=2224203 https://bugzilla.redhat.com/show_bug.cgi?id=2224353 https://bugzilla.redhat.com/show_bug.cgi?id=2224357 https://bugzilla.redhat.com/show_bug.cgi?id=2224828 
https://bugzilla.redhat.com/show_bug.cgi?id=2224990 https://bugzilla.redhat.com/show_bug.cgi?id=2225116 https://bugzilla.redhat.com/show_bug.cgi?id=2226764 https://bugzilla.redhat.com/show_bug.cgi?id=2226982 https://bugzilla.redhat.com/show_bug.cgi?id=2227013 https://bugzilla.redhat.com/show_bug.cgi?id=2227059 https://bugzilla.redhat.com/show_bug.cgi?id=2227066 https://bugzilla.redhat.com/show_bug.cgi?id=2227746 https://bugzilla.redhat.com/show_bug.cgi?id=2227957 https://bugzilla.redhat.com/show_bug.cgi?id=2228036 https://bugzilla.redhat.com/show_bug.cgi?id=2228240 https://bugzilla.redhat.com/show_bug.cgi?id=2229704 https://bugzilla.redhat.com/show_bug.cgi?id=2229903 https://bugzilla.redhat.com/show_bug.cgi?id=2231839 https://bugzilla.redhat.com/show_bug.cgi?id=2233049 https://bugzilla.redhat.com/show_bug.cgi?id=2233098 https://bugzilla.redhat.com/show_bug.cgi?id=2233811 https://bugzilla.redhat.com/show_bug.cgi?id=2235151 https://bugzilla.redhat.com/show_bug.cgi?id=2236060 https://bugzilla.redhat.com/show_bug.cgi?id=2236223 https://bugzilla.redhat.com/show_bug.cgi?id=2236344 https://bugzilla.redhat.com/show_bug.cgi?id=2236393 https://bugzilla.redhat.com/show_bug.cgi?id=2236487 https://bugzilla.redhat.com/show_bug.cgi?id=2236545 https://bugzilla.redhat.com/show_bug.cgi?id=2237288 https://bugzilla.redhat.com/show_bug.cgi?id=2237916 https://bugzilla.redhat.com/show_bug.cgi?id=2238723 https://bugzilla.redhat.com/show_bug.cgi?id=2239786 https://bugzilla.redhat.com/show_bug.cgi?id=2239915 https://bugzilla.redhat.com/show_bug.cgi?id=2241327 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://issues.redhat.com/browse/CNV-18977 https://issues.redhat.com/browse/CNV-23157 https://issues.redhat.com/browse/CNV-23181 https://issues.redhat.com/browse/CNV-23271 https://issues.redhat.com/browse/CNV-23972 https://issues.redhat.com/browse/CNV-24889 https://issues.redhat.com/browse/CNV-25126 
https://issues.redhat.com/browse/CNV-25332 https://issues.redhat.com/browse/CNV-26044 https://issues.redhat.com/browse/CNV-26087 https://issues.redhat.com/browse/CNV-26167 https://issues.redhat.com/browse/CNV-26304 https://issues.redhat.com/browse/CNV-26584 https://issues.redhat.com/browse/CNV-26593 https://issues.redhat.com/browse/CNV-26637 https://issues.redhat.com/browse/CNV-26708 https://issues.redhat.com/browse/CNV-26710 https://issues.redhat.com/browse/CNV-26711 https://issues.redhat.com/browse/CNV-26715 https://issues.redhat.com/browse/CNV-26720 https://issues.redhat.com/browse/CNV-27084 https://issues.redhat.com/browse/CNV-27177 https://issues.redhat.com/browse/CNV-27204 https://issues.redhat.com/browse/CNV-27215 https://issues.redhat.com/browse/CNV-27332 https://issues.redhat.com/browse/CNV-27441 https://issues.redhat.com/browse/CNV-27494 https://issues.redhat.com/browse/CNV-27498 https://issues.redhat.com/browse/CNV-27514 https://issues.redhat.com/browse/CNV-27601 https://issues.redhat.com/browse/CNV-27602 https://issues.redhat.com/browse/CNV-27644 https://issues.redhat.com/browse/CNV-27772 https://issues.redhat.com/browse/CNV-27807 https://issues.redhat.com/browse/CNV-27813 https://issues.redhat.com/browse/CNV-27815 https://issues.redhat.com/browse/CNV-28056 https://issues.redhat.com/browse/CNV-28063 https://issues.redhat.com/browse/CNV-28079 https://issues.redhat.com/browse/CNV-28140 https://issues.redhat.com/browse/CNV-28206 https://issues.redhat.com/browse/CNV-28231 https://issues.redhat.com/browse/CNV-28234 https://issues.redhat.com/browse/CNV-28248 https://issues.redhat.com/browse/CNV-28266 https://issues.redhat.com/browse/CNV-28304 https://issues.redhat.com/browse/CNV-28347 https://issues.redhat.com/browse/CNV-28349 https://issues.redhat.com/browse/CNV-28367 https://issues.redhat.com/browse/CNV-28437 https://issues.redhat.com/browse/CNV-28439 https://issues.redhat.com/browse/CNV-28503 https://issues.redhat.com/browse/CNV-28553 
https://issues.redhat.com/browse/CNV-28633 https://issues.redhat.com/browse/CNV-28637 https://issues.redhat.com/browse/CNV-28756 https://issues.redhat.com/browse/CNV-28757 https://issues.redhat.com/browse/CNV-28776 https://issues.redhat.com/browse/CNV-28827 https://issues.redhat.com/browse/CNV-28828 https://issues.redhat.com/browse/CNV-28861 https://issues.redhat.com/browse/CNV-29082 https://issues.redhat.com/browse/CNV-29095 https://issues.redhat.com/browse/CNV-29281 https://issues.redhat.com/browse/CNV-29295 https://issues.redhat.com/browse/CNV-29440 https://issues.redhat.com/browse/CNV-29725 https://issues.redhat.com/browse/CNV-30327 https://issues.redhat.com/browse/CNV-30572 https://issues.redhat.com/browse/CNV-30574 https://issues.redhat.com/browse/CNV-30859 https://issues.redhat.com/browse/CNV-30861 https://issues.redhat.com/browse/CNV-30863 https://issues.redhat.com/browse/CNV-30872 https://issues.redhat.com/browse/CNV-30878 https://issues.redhat.com/browse/CNV-30889 https://issues.redhat.com/browse/CNV-30894 https://issues.redhat.com/browse/CNV-30896 https://issues.redhat.com/browse/CNV-30901 https://issues.redhat.com/browse/CNV-30959 https://issues.redhat.com/browse/CNV-31119 https://issues.redhat.com/browse/CNV-31184 https://issues.redhat.com/browse/CNV-31188 https://issues.redhat.com/browse/CNV-31216 https://issues.redhat.com/browse/CNV-31218 https://issues.redhat.com/browse/CNV-31299 https://issues.redhat.com/browse/CNV-31550 https://issues.redhat.com/browse/CNV-31551 https://issues.redhat.com/browse/CNV-31576 https://issues.redhat.com/browse/CNV-31863 https://issues.redhat.com/browse/CNV-32040 https://issues.redhat.com/browse/CNV-32114 https://issues.redhat.com/browse/CNV-32168 https://issues.redhat.com/browse/CNV-32173 https://issues.redhat.com/browse/CNV-32369 https://issues.redhat.com/browse/CNV-32401 https://issues.redhat.com/browse/CNV-32447 https://issues.redhat.com/browse/CNV-32467 https://issues.redhat.com/browse/CNV-32485 
https://issues.redhat.com/browse/CNV-32498 https://issues.redhat.com/browse/CNV-32520 https://issues.redhat.com/browse/CNV-32524 https://issues.redhat.com/browse/CNV-32596 https://issues.redhat.com/browse/CNV-32601 https://issues.redhat.com/browse/CNV-32666 https://issues.redhat.com/browse/CNV-32691 https://issues.redhat.com/browse/CNV-32985 https://issues.redhat.com/browse/CNV-33036 https://issues.redhat.com/browse/CNV-33037 https://issues.redhat.com/browse/CNV-33137 https://issues.redhat.com/browse/CNV-33735 https://issues.redhat.com/browse/CNV-33762 https://issues.redhat.com/browse/CNV-34472 https://issues.redhat.com/browse/CNV-34503