The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6832.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update
Advisory ID:        RHSA-2023:6832-01
Product:            Red Hat OpenShift Data Foundation
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6832
Issue date:         2023-11-08
Revision:           01
CVE Names:          CVE-2021-4048
====================================================================

Summary:

Updated packages that include numerous enhancements and bug fixes are now available for Red Hat OpenShift Data Foundation 4.14.0 on Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

* lapack: Out-of-bounds read in *larrv (CVE-2021-4048)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

* Hashicorp/vault: Vault’s LDAP Auth Method Allows for User Enumeration (CVE-2023-3462)

* golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

* goproxy: Denial of service (DoS) via unspecified vectors (CVE-2023-37788)

* hashicorp: html injection into web ui (CVE-2023-2121)

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)

* hashicorp/vault: Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets (CVE-2023-5077)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.14/html/4.14_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-4048

References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
https://bugzilla.redhat.com/show_bug.cgi?id=1970939
https://bugzilla.redhat.com/show_bug.cgi?id=1982721
https://bugzilla.redhat.com/show_bug.cgi?id=2023189
https://bugzilla.redhat.com/show_bug.cgi?id=2024358
https://bugzilla.redhat.com/show_bug.cgi?id=2067095
https://bugzilla.redhat.com/show_bug.cgi?id=2079232
https://bugzilla.redhat.com/show_bug.cgi?id=2104207
https://bugzilla.redhat.com/show_bug.cgi?id=2104254
https://bugzilla.redhat.com/show_bug.cgi?id=2121514
https://bugzilla.redhat.com/show_bug.cgi?id=2122521
https://bugzilla.redhat.com/show_bug.cgi?id=2134040
https://bugzilla.redhat.com/show_bug.cgi?id=2134115
https://bugzilla.redhat.com/show_bug.cgi?id=2138855
https://bugzilla.redhat.com/show_bug.cgi?id=2142462
https://bugzilla.redhat.com/show_bug.cgi?id=2150752
https://bugzilla.redhat.com/show_bug.cgi?id=2150996
https://bugzilla.redhat.com/show_bug.cgi?id=2154351
https://bugzilla.redhat.com/show_bug.cgi?id=2158773
https://bugzilla.redhat.com/show_bug.cgi?id=2160034
https://bugzilla.redhat.com/show_bug.cgi?id=2165941
https://bugzilla.redhat.com/show_bug.cgi?id=2166354
https://bugzilla.redhat.com/show_bug.cgi?id=2169499
https://bugzilla.redhat.com/show_bug.cgi?id=2172624
https://bugzilla.redhat.com/show_bug.cgi?id=2175201
https://bugzilla.redhat.com/show_bug.cgi?id=2178358
https://bugzilla.redhat.com/show_bug.cgi?id=2179348
https://bugzilla.redhat.com/show_bug.cgi?id=2180329
https://bugzilla.redhat.com/show_bug.cgi?id=2182351
https://bugzilla.redhat.com/show_bug.cgi?id=2183092
https://bugzilla.redhat.com/show_bug.cgi?id=2183444
https://bugzilla.redhat.com/show_bug.cgi?id=2184483
https://bugzilla.redhat.com/show_bug.cgi?id=2184647
https://bugzilla.redhat.com/show_bug.cgi?id=2185042
https://bugzilla.redhat.com/show_bug.cgi?id=2189866
https://bugzilla.redhat.com/show_bug.cgi?id=2190382
https://bugzilla.redhat.com/show_bug.cgi?id=2192852
https://bugzilla.redhat.com/show_bug.cgi?id=2193109
https://bugzilla.redhat.com/show_bug.cgi?id=2196026
https://bugzilla.redhat.com/show_bug.cgi?id=2196029
https://bugzilla.redhat.com/show_bug.cgi?id=2207918
https://bugzilla.redhat.com/show_bug.cgi?id=2208563
https://bugzilla.redhat.com/show_bug.cgi?id=2209251
https://bugzilla.redhat.com/show_bug.cgi?id=2209258
https://bugzilla.redhat.com/show_bug.cgi?id=2209288
https://bugzilla.redhat.com/show_bug.cgi?id=2210047
https://bugzilla.redhat.com/show_bug.cgi?id=2210289
https://bugzilla.redhat.com/show_bug.cgi?id=2211362
https://bugzilla.redhat.com/show_bug.cgi?id=2211482
https://bugzilla.redhat.com/show_bug.cgi?id=2211491
https://bugzilla.redhat.com/show_bug.cgi?id=2211564
https://bugzilla.redhat.com/show_bug.cgi?id=2211643
https://bugzilla.redhat.com/show_bug.cgi?id=2211807
https://bugzilla.redhat.com/show_bug.cgi?id=2211866
https://bugzilla.redhat.com/show_bug.cgi?id=2212773
https://bugzilla.redhat.com/show_bug.cgi?id=2212931
https://bugzilla.redhat.com/show_bug.cgi?id=2213085
https://bugzilla.redhat.com/show_bug.cgi?id=2213118
https://bugzilla.redhat.com/show_bug.cgi?id=2213183
https://bugzilla.redhat.com/show_bug.cgi?id=2213550
https://bugzilla.redhat.com/show_bug.cgi?id=2213552
https://bugzilla.redhat.com/show_bug.cgi?id=2214023
https://bugzilla.redhat.com/show_bug.cgi?id=2214033
https://bugzilla.redhat.com/show_bug.cgi?id=2214237
https://bugzilla.redhat.com/show_bug.cgi?id=2214288
https://bugzilla.redhat.com/show_bug.cgi?id=2214838
https://bugzilla.redhat.com/show_bug.cgi?id=2215239
https://bugzilla.redhat.com/show_bug.cgi?id=2215917
https://bugzilla.redhat.com/show_bug.cgi?id=2216707
https://bugzilla.redhat.com/show_bug.cgi?id=2217887
https://bugzilla.redhat.com/show_bug.cgi?id=2217904
https://bugzilla.redhat.com/show_bug.cgi?id=2218116
https://bugzilla.redhat.com/show_bug.cgi?id=2218309
https://bugzilla.redhat.com/show_bug.cgi?id=2218492
https://bugzilla.redhat.com/show_bug.cgi?id=2218593
https://bugzilla.redhat.com/show_bug.cgi?id=2219136
https://bugzilla.redhat.com/show_bug.cgi?id=2219355
https://bugzilla.redhat.com/show_bug.cgi?id=2219395
https://bugzilla.redhat.com/show_bug.cgi?id=2219436
https://bugzilla.redhat.com/show_bug.cgi?id=2219797
https://bugzilla.redhat.com/show_bug.cgi?id=2219843
https://bugzilla.redhat.com/show_bug.cgi?id=2221473
https://bugzilla.redhat.com/show_bug.cgi?id=2221488
https://bugzilla.redhat.com/show_bug.cgi?id=2221638
https://bugzilla.redhat.com/show_bug.cgi?id=2221995
https://bugzilla.redhat.com/show_bug.cgi?id=2222022
https://bugzilla.redhat.com/show_bug.cgi?id=2222887
https://bugzilla.redhat.com/show_bug.cgi?id=2223553
https://bugzilla.redhat.com/show_bug.cgi?id=2223575
https://bugzilla.redhat.com/show_bug.cgi?id=2223690
https://bugzilla.redhat.com/show_bug.cgi?id=2223692
https://bugzilla.redhat.com/show_bug.cgi?id=2223702
https://bugzilla.redhat.com/show_bug.cgi?id=2223705
https://bugzilla.redhat.com/show_bug.cgi?id=2223706
https://bugzilla.redhat.com/show_bug.cgi?id=2223976
https://bugzilla.redhat.com/show_bug.cgi?id=2224245
https://bugzilla.redhat.com/show_bug.cgi?id=2224325
https://bugzilla.redhat.com/show_bug.cgi?id=2224493
https://bugzilla.redhat.com/show_bug.cgi?id=2225176
https://bugzilla.redhat.com/show_bug.cgi?id=2225223
https://bugzilla.redhat.com/show_bug.cgi?id=2225685
https://bugzilla.redhat.com/show_bug.cgi?id=2226647
https://bugzilla.redhat.com/show_bug.cgi?id=2227017
https://bugzilla.redhat.com/show_bug.cgi?id=2227607
https://bugzilla.redhat.com/show_bug.cgi?id=2227835
https://bugzilla.redhat.com/show_bug.cgi?id=2228020
https://bugzilla.redhat.com/show_bug.cgi?id=2228108
https://bugzilla.redhat.com/show_bug.cgi?id=2228319
https://bugzilla.redhat.com/show_bug.cgi?id=2228375
https://bugzilla.redhat.com/show_bug.cgi?id=2228689
https://bugzilla.redhat.com/show_bug.cgi?id=2228805
https://bugzilla.redhat.com/show_bug.cgi?id=2228816
https://bugzilla.redhat.com/show_bug.cgi?id=2230050
https://bugzilla.redhat.com/show_bug.cgi?id=2230334
https://bugzilla.redhat.com/show_bug.cgi?id=2230447
https://bugzilla.redhat.com/show_bug.cgi?id=2231074
https://bugzilla.redhat.com/show_bug.cgi?id=2231116
https://bugzilla.redhat.com/show_bug.cgi?id=2231124
https://bugzilla.redhat.com/show_bug.cgi?id=2231709
https://bugzilla.redhat.com/show_bug.cgi?id=2231838
https://bugzilla.redhat.com/show_bug.cgi?id=2232464
https://bugzilla.redhat.com/show_bug.cgi?id=2232502
https://bugzilla.redhat.com/show_bug.cgi?id=2232552
https://bugzilla.redhat.com/show_bug.cgi?id=2232608
https://bugzilla.redhat.com/show_bug.cgi?id=2233027
https://bugzilla.redhat.com/show_bug.cgi?id=2233036
https://bugzilla.redhat.com/show_bug.cgi?id=2233410
https://bugzilla.redhat.com/show_bug.cgi?id=2233445
https://bugzilla.redhat.com/show_bug.cgi?id=2233727
https://bugzilla.redhat.com/show_bug.cgi?id=2233731
https://bugzilla.redhat.com/show_bug.cgi?id=2234357
https://bugzilla.redhat.com/show_bug.cgi?id=2234386
https://bugzilla.redhat.com/show_bug.cgi?id=2234428
https://bugzilla.redhat.com/show_bug.cgi?id=2234735
https://bugzilla.redhat.com/show_bug.cgi?id=2234759
https://bugzilla.redhat.com/show_bug.cgi?id=2235245
https://bugzilla.redhat.com/show_bug.cgi?id=2235395
https://bugzilla.redhat.com/show_bug.cgi?id=2235423
https://bugzilla.redhat.com/show_bug.cgi?id=2235708
https://bugzilla.redhat.com/show_bug.cgi?id=2236387
https://bugzilla.redhat.com/show_bug.cgi?id=2236436
https://bugzilla.redhat.com/show_bug.cgi?id=2236444
https://bugzilla.redhat.com/show_bug.cgi?id=2236445
https://bugzilla.redhat.com/show_bug.cgi?id=2237213
https://bugzilla.redhat.com/show_bug.cgi?id=2237226
https://bugzilla.redhat.com/show_bug.cgi?id=2238400
https://bugzilla.redhat.com/show_bug.cgi?id=2238682
https://bugzilla.redhat.com/show_bug.cgi?id=2238720
https://bugzilla.redhat.com/show_bug.cgi?id=2238895
https://bugzilla.redhat.com/show_bug.cgi?id=2239033
https://bugzilla.redhat.com/show_bug.cgi?id=2239093
https://bugzilla.redhat.com/show_bug.cgi?id=2239096
https://bugzilla.redhat.com/show_bug.cgi?id=2239101
https://bugzilla.redhat.com/show_bug.cgi?id=2239140
https://bugzilla.redhat.com/show_bug.cgi?id=2239580
https://bugzilla.redhat.com/show_bug.cgi?id=2239589
https://bugzilla.redhat.com/show_bug.cgi?id=2239622
https://bugzilla.redhat.com/show_bug.cgi?id=2239776
https://bugzilla.redhat.com/show_bug.cgi?id=2239802
https://bugzilla.redhat.com/show_bug.cgi?id=2240778
https://bugzilla.redhat.com/show_bug.cgi?id=2241015
https://bugzilla.redhat.com/show_bug.cgi?id=2241185
https://bugzilla.redhat.com/show_bug.cgi?id=2241980
https://bugzilla.redhat.com/show_bug.cgi?id=2242121
https://bugzilla.redhat.com/show_bug.cgi?id=2242374
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://bugzilla.redhat.com/show_bug.cgi?id=2242854
https://bugzilla.redhat.com/show_bug.cgi?id=2243296
https://bugzilla.redhat.com/show_bug.cgi?id=2244383
https://bugzilla.redhat.com/show_bug.cgi?id=2244517
https://bugzilla.redhat.com/show_bug.cgi?id=2244566
https://bugzilla.redhat.com/show_bug.cgi?id=2244638
https://bugzilla.redhat.com/show_bug.cgi?id=2244791
https://bugzilla.redhat.com/show_bug.cgi?id=2244793
https://bugzilla.redhat.com/show_bug.cgi?id=2245978
https://bugzilla.redhat.com/show_bug.cgi?id=2246185