The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4591.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis:      Important: Red Hat OpenShift Data Foundation 4.16.0 security, enhancement & bug fix update
Advisory ID:   RHSA-2024:4591-03
Product:       Red Hat OpenShift Data Foundation
Advisory URL:  https://access.redhat.com/errata/RHSA-2024:4591
Issue date:    2024-07-17
Revision:      03
CVE Names:     CVE-2023-43646
====================================================================

Summary:

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* get-func-name: ReDoS in chai module (CVE-2023-43646)
* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics (CVE-2023-47108)
* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
* jose: resource exhaustion (CVE-2024-28176)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
* submariner-operator: RBAC permissions can allow for the spread of node compromises (CVE-2024-5042)
* nodejs-ws: denial of service when handling a request with many HTTP headers (CVE-2024-37890)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/4.16_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-43646

References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/cve/CVE-2023-43646
https://access.redhat.com/security/cve/CVE-2023-47108
https://access.redhat.com/security/cve/CVE-2024-1394
https://access.redhat.com/security/cve/CVE-2024-5042
https://access.redhat.com/security/cve/CVE-2024-24783
https://access.redhat.com/security/cve/CVE-2024-24785
https://access.redhat.com/security/cve/CVE-2024-24786
https://access.redhat.com/security/cve/CVE-2024-28176
https://access.redhat.com/security/cve/CVE-2024-28863
https://access.redhat.com/security/cve/CVE-2024-28180
https://access.redhat.com/security/cve/CVE-2024-37890
https://bugzilla.redhat.com/show_bug.cgi?id=2069759
https://bugzilla.redhat.com/show_bug.cgi?id=2078270
https://bugzilla.redhat.com/show_bug.cgi?id=2128142
https://bugzilla.redhat.com/show_bug.cgi?id=2132724
https://bugzilla.redhat.com/show_bug.cgi?id=2136413
https://bugzilla.redhat.com/show_bug.cgi?id=2139835
https://bugzilla.redhat.com/show_bug.cgi?id=2210040
https://bugzilla.redhat.com/show_bug.cgi?id=2214499
https://bugzilla.redhat.com/show_bug.cgi?id=2214948
https://bugzilla.redhat.com/show_bug.cgi?id=2215910
https://bugzilla.redhat.com/show_bug.cgi?id=2216213
https://bugzilla.redhat.com/show_bug.cgi?id=2216803
https://bugzilla.redhat.com/show_bug.cgi?id=2222146
https://bugzilla.redhat.com/show_bug.cgi?id=2231360
https://bugzilla.redhat.com/show_bug.cgi?id=2238308
https://bugzilla.redhat.com/show_bug.cgi?id=2239587
https://bugzilla.redhat.com/show_bug.cgi?id=2240951
https://bugzilla.redhat.com/show_bug.cgi?id=2241149
https://bugzilla.redhat.com/show_bug.cgi?id=2242832
https://bugzilla.redhat.com/show_bug.cgi?id=2243244
https://bugzilla.redhat.com/show_bug.cgi?id=2244353
https://bugzilla.redhat.com/show_bug.cgi?id=2246186
https://bugzilla.redhat.com/show_bug.cgi?id=2246364
https://bugzilla.redhat.com/show_bug.cgi?id=2246834
https://bugzilla.redhat.com/show_bug.cgi?id=2251022
https://bugzilla.redhat.com/show_bug.cgi?id=2251198
https://bugzilla.redhat.com/show_bug.cgi?id=2251308
https://bugzilla.redhat.com/show_bug.cgi?id=2252318
https://bugzilla.redhat.com/show_bug.cgi?id=2253043
https://bugzilla.redhat.com/show_bug.cgi?id=2253076
https://bugzilla.redhat.com/show_bug.cgi?id=2255998
https://bugzilla.redhat.com/show_bug.cgi?id=2256563
https://bugzilla.redhat.com/show_bug.cgi?id=2256899
https://bugzilla.redhat.com/show_bug.cgi?id=2257259
https://bugzilla.redhat.com/show_bug.cgi?id=2257949
https://bugzilla.redhat.com/show_bug.cgi?id=2258801
https://bugzilla.redhat.com/show_bug.cgi?id=2258861
https://bugzilla.redhat.com/show_bug.cgi?id=2258950
https://bugzilla.redhat.com/show_bug.cgi?id=2259195
https://bugzilla.redhat.com/show_bug.cgi?id=2259209
https://bugzilla.redhat.com/show_bug.cgi?id=2259616
https://bugzilla.redhat.com/show_bug.cgi?id=2259847
https://bugzilla.redhat.com/show_bug.cgi?id=2260325
https://bugzilla.redhat.com/show_bug.cgi?id=2260550
https://bugzilla.redhat.com/show_bug.cgi?id=2260757
https://bugzilla.redhat.com/show_bug.cgi?id=2261938
https://bugzilla.redhat.com/show_bug.cgi?id=2262134
https://bugzilla.redhat.com/show_bug.cgi?id=2262455
https://bugzilla.redhat.com/show_bug.cgi?id=2262461
https://bugzilla.redhat.com/show_bug.cgi?id=2262921
https://bugzilla.redhat.com/show_bug.cgi?id=2262943
https://bugzilla.redhat.com/show_bug.cgi?id=2262992
https://bugzilla.redhat.com/show_bug.cgi?id=2262997
https://bugzilla.redhat.com/show_bug.cgi?id=2263148
https://bugzilla.redhat.com/show_bug.cgi?id=2263468
https://bugzilla.redhat.com/show_bug.cgi?id=2263488
https://bugzilla.redhat.com/show_bug.cgi?id=2263818
https://bugzilla.redhat.com/show_bug.cgi?id=2264435
https://bugzilla.redhat.com/show_bug.cgi?id=2264480
https://bugzilla.redhat.com/show_bug.cgi?id=2264767
https://bugzilla.redhat.com/show_bug.cgi?id=2264900
https://bugzilla.redhat.com/show_bug.cgi?id=2265340
https://bugzilla.redhat.com/show_bug.cgi?id=2265492
https://bugzilla.redhat.com/show_bug.cgi?id=2265562
https://bugzilla.redhat.com/show_bug.cgi?id=2266316
https://bugzilla.redhat.com/show_bug.cgi?id=2266562
https://bugzilla.redhat.com/show_bug.cgi?id=2266621
https://bugzilla.redhat.com/show_bug.cgi?id=2266629
https://bugzilla.redhat.com/show_bug.cgi?id=2266845
https://bugzilla.redhat.com/show_bug.cgi?id=2266930
https://bugzilla.redhat.com/show_bug.cgi?id=2267067
https://bugzilla.redhat.com/show_bug.cgi?id=2267610
https://bugzilla.redhat.com/show_bug.cgi?id=2267907
https://bugzilla.redhat.com/show_bug.cgi?id=2267965
https://bugzilla.redhat.com/show_bug.cgi?id=2268019
https://bugzilla.redhat.com/show_bug.cgi?id=2268022
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://bugzilla.redhat.com/show_bug.cgi?id=2268820
https://bugzilla.redhat.com/show_bug.cgi?id=2268854
https://bugzilla.redhat.com/show_bug.cgi?id=2268939
https://bugzilla.redhat.com/show_bug.cgi?id=2269319
https://bugzilla.redhat.com/show_bug.cgi?id=2269354
https://bugzilla.redhat.com/show_bug.cgi?id=2270064
https://bugzilla.redhat.com/show_bug.cgi?id=2270446
https://bugzilla.redhat.com/show_bug.cgi?id=2271593
https://bugzilla.redhat.com/show_bug.cgi?id=2271804
https://bugzilla.redhat.com/show_bug.cgi?id=2271921
https://bugzilla.redhat.com/show_bug.cgi?id=2272386
https://bugzilla.redhat.com/show_bug.cgi?id=2272469
https://bugzilla.redhat.com/show_bug.cgi?id=2272528
https://bugzilla.redhat.com/show_bug.cgi?id=2272644
https://bugzilla.redhat.com/show_bug.cgi?id=2272664
https://bugzilla.redhat.com/show_bug.cgi?id=2272666
https://bugzilla.redhat.com/show_bug.cgi?id=2272928
https://bugzilla.redhat.com/show_bug.cgi?id=2272932
https://bugzilla.redhat.com/show_bug.cgi?id=2272938
https://bugzilla.redhat.com/show_bug.cgi?id=2273305
https://bugzilla.redhat.com/show_bug.cgi?id=2273336
https://bugzilla.redhat.com/show_bug.cgi?id=2273386
https://bugzilla.redhat.com/show_bug.cgi?id=2273387
https://bugzilla.redhat.com/show_bug.cgi?id=2273398
https://bugzilla.redhat.com/show_bug.cgi?id=2273533
https://bugzilla.redhat.com/show_bug.cgi?id=2273553
https://bugzilla.redhat.com/show_bug.cgi?id=2273560
https://bugzilla.redhat.com/show_bug.cgi?id=2273605
https://bugzilla.redhat.com/show_bug.cgi?id=2273702
https://bugzilla.redhat.com/show_bug.cgi?id=2273705
https://bugzilla.redhat.com/show_bug.cgi?id=2274107
https://bugzilla.redhat.com/show_bug.cgi?id=2274175
https://bugzilla.redhat.com/show_bug.cgi?id=2274193
https://bugzilla.redhat.com/show_bug.cgi?id=2274324
https://bugzilla.redhat.com/show_bug.cgi?id=2274373
https://bugzilla.redhat.com/show_bug.cgi?id=2274381
https://bugzilla.redhat.com/show_bug.cgi?id=2274392
https://bugzilla.redhat.com/show_bug.cgi?id=2274476
https://bugzilla.redhat.com/show_bug.cgi?id=2274548
https://bugzilla.redhat.com/show_bug.cgi?id=2274728
https://bugzilla.redhat.com/show_bug.cgi?id=2274734
https://bugzilla.redhat.com/show_bug.cgi?id=2274750
https://bugzilla.redhat.com/show_bug.cgi?id=2274757
https://bugzilla.redhat.com/show_bug.cgi?id=2274765
https://bugzilla.redhat.com/show_bug.cgi?id=2275049
https://bugzilla.redhat.com/show_bug.cgi?id=2275181
https://bugzilla.redhat.com/show_bug.cgi?id=2275222
https://bugzilla.redhat.com/show_bug.cgi?id=2275254
https://bugzilla.redhat.com/show_bug.cgi?id=2275413
https://bugzilla.redhat.com/show_bug.cgi?id=2275456
https://bugzilla.redhat.com/show_bug.cgi?id=2275484
https://bugzilla.redhat.com/show_bug.cgi?id=2275886
https://bugzilla.redhat.com/show_bug.cgi?id=2275935
https://bugzilla.redhat.com/show_bug.cgi?id=2276028
https://bugzilla.redhat.com/show_bug.cgi?id=2276055
https://bugzilla.redhat.com/show_bug.cgi?id=2276056
https://bugzilla.redhat.com/show_bug.cgi?id=2276135
https://bugzilla.redhat.com/show_bug.cgi?id=2276222
https://bugzilla.redhat.com/show_bug.cgi?id=2276344
https://bugzilla.redhat.com/show_bug.cgi?id=2276353
https://bugzilla.redhat.com/show_bug.cgi?id=2276366
https://bugzilla.redhat.com/show_bug.cgi?id=2276413
https://bugzilla.redhat.com/show_bug.cgi?id=2276438
https://bugzilla.redhat.com/show_bug.cgi?id=2276591
https://bugzilla.redhat.com/show_bug.cgi?id=2276593
https://bugzilla.redhat.com/show_bug.cgi?id=2276694
https://bugzilla.redhat.com/show_bug.cgi?id=2276913
https://bugzilla.redhat.com/show_bug.cgi?id=2276941
https://bugzilla.redhat.com/show_bug.cgi?id=2277184
https://bugzilla.redhat.com/show_bug.cgi?id=2277186
https://bugzilla.redhat.com/show_bug.cgi?id=2277711
https://bugzilla.redhat.com/show_bug.cgi?id=2277766
https://bugzilla.redhat.com/show_bug.cgi?id=2277770
https://bugzilla.redhat.com/show_bug.cgi?id=2277773
https://bugzilla.redhat.com/show_bug.cgi?id=2277785
https://bugzilla.redhat.com/show_bug.cgi?id=2278120
https://bugzilla.redhat.com/show_bug.cgi?id=2278389
https://bugzilla.redhat.com/show_bug.cgi?id=2278593
https://bugzilla.redhat.com/show_bug.cgi?id=2278603
https://bugzilla.redhat.com/show_bug.cgi?id=2278606
https://bugzilla.redhat.com/show_bug.cgi?id=2278676
https://bugzilla.redhat.com/show_bug.cgi?id=2278681
https://bugzilla.redhat.com/show_bug.cgi?id=2278684
https://bugzilla.redhat.com/show_bug.cgi?id=2278799
https://bugzilla.redhat.com/show_bug.cgi?id=2278815
https://bugzilla.redhat.com/show_bug.cgi?id=2279742
https://bugzilla.redhat.com/show_bug.cgi?id=2279860
https://bugzilla.redhat.com/show_bug.cgi?id=2279928
https://bugzilla.redhat.com/show_bug.cgi?id=2280342
https://bugzilla.redhat.com/show_bug.cgi?id=2280378
https://bugzilla.redhat.com/show_bug.cgi?id=2280657
https://bugzilla.redhat.com/show_bug.cgi?id=2280813
https://bugzilla.redhat.com/show_bug.cgi?id=2280818
https://bugzilla.redhat.com/show_bug.cgi?id=2280820
https://bugzilla.redhat.com/show_bug.cgi?id=2280834
https://bugzilla.redhat.com/show_bug.cgi?id=2280921
https://bugzilla.redhat.com/show_bug.cgi?id=2280946
https://bugzilla.redhat.com/show_bug.cgi?id=2280953
https://bugzilla.redhat.com/show_bug.cgi?id=2281580
https://bugzilla.redhat.com/show_bug.cgi?id=2281722
https://bugzilla.redhat.com/show_bug.cgi?id=2281729
https://bugzilla.redhat.com/show_bug.cgi?id=2282243
https://bugzilla.redhat.com/show_bug.cgi?id=2282254
https://bugzilla.redhat.com/show_bug.cgi?id=2282284
https://bugzilla.redhat.com/show_bug.cgi?id=2282314
https://bugzilla.redhat.com/show_bug.cgi?id=2282543
https://bugzilla.redhat.com/show_bug.cgi?id=2282834
https://bugzilla.redhat.com/show_bug.cgi?id=2283024
https://bugzilla.redhat.com/show_bug.cgi?id=2283489
https://bugzilla.redhat.com/show_bug.cgi?id=2283621
https://bugzilla.redhat.com/show_bug.cgi?id=2283629
https://bugzilla.redhat.com/show_bug.cgi?id=2283651
https://bugzilla.redhat.com/show_bug.cgi?id=2283797
https://bugzilla.redhat.com/show_bug.cgi?id=2283820
https://bugzilla.redhat.com/show_bug.cgi?id=2283965
https://bugzilla.redhat.com/show_bug.cgi?id=2283981
https://bugzilla.redhat.com/show_bug.cgi?id=2284090
https://bugzilla.redhat.com/show_bug.cgi?id=2284430
https://bugzilla.redhat.com/show_bug.cgi?id=2284652
https://bugzilla.redhat.com/show_bug.cgi?id=2290677
https://bugzilla.redhat.com/show_bug.cgi?id=2290847
https://bugzilla.redhat.com/show_bug.cgi?id=2291132
https://bugzilla.redhat.com/show_bug.cgi?id=2291182
https://bugzilla.redhat.com/show_bug.cgi?id=2291255
https://bugzilla.redhat.com/show_bug.cgi?id=2291301
https://bugzilla.redhat.com/show_bug.cgi?id=2291305
https://bugzilla.redhat.com/show_bug.cgi?id=2291336
https://bugzilla.redhat.com/show_bug.cgi?id=2292114
https://bugzilla.redhat.com/show_bug.cgi?id=2292241
https://bugzilla.redhat.com/show_bug.cgi?id=2292777
https://bugzilla.redhat.com/show_bug.cgi?id=2293200
https://bugzilla.redhat.com/show_bug.cgi?id=2293621
https://bugzilla.redhat.com/show_bug.cgi?id=2293634
https://bugzilla.redhat.com/show_bug.cgi?id=2293881
https://bugzilla.redhat.com/show_bug.cgi?id=2294383
https://bugzilla.redhat.com/show_bug.cgi?id=2296991