The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0040.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.16.0 security and extras update
Advisory ID:        RHSA-2024:0040-03
Product:            Red Hat OpenShift Enterprise
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0040
Issue date:         2024-08-19
Revision:           03
CVE Names:          CVE-2023-48795
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.16.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.




Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.16.0. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2024:0041

Security Fix(es):

* ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite
loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
(CVE-2024-24786)
* cloudevents/sdk-go: usage of WithRoundTripper to create a Client leaks
credentials (CVE-2024-28110)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2023-48795

References:

https://access.redhat.com/security/updates/classification/#critical
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://bugzilla.redhat.com/show_bug.cgi?id=2268372
https://issues.redhat.com/browse/OCPBUGS-24231
https://issues.redhat.com/browse/OCPBUGS-24435
https://issues.redhat.com/browse/OCPBUGS-24595
https://issues.redhat.com/browse/OCPBUGS-24822
https://issues.redhat.com/browse/OCPBUGS-24869
https://issues.redhat.com/browse/OCPBUGS-24870
https://issues.redhat.com/browse/OCPBUGS-24882
https://issues.redhat.com/browse/OCPBUGS-24891
https://issues.redhat.com/browse/OCPBUGS-24901
https://issues.redhat.com/browse/OCPBUGS-24951
https://issues.redhat.com/browse/OCPBUGS-24982
https://issues.redhat.com/browse/OCPBUGS-25010
https://issues.redhat.com/browse/OCPBUGS-25031
https://issues.redhat.com/browse/OCPBUGS-25430
https://issues.redhat.com/browse/OCPBUGS-25568
https://issues.redhat.com/browse/OCPBUGS-25853
https://issues.redhat.com/browse/OCPBUGS-25986
https://issues.redhat.com/browse/OCPBUGS-27053
https://issues.redhat.com/browse/OCPBUGS-27197
https://issues.redhat.com/browse/OCPBUGS-27301
https://issues.redhat.com/browse/OCPBUGS-27407
https://issues.redhat.com/browse/OCPBUGS-28215
https://issues.redhat.com/browse/OCPBUGS-28248
https://issues.redhat.com/browse/OCPBUGS-28715
https://issues.redhat.com/browse/OCPBUGS-29171
https://issues.redhat.com/browse/OCPBUGS-29692
https://issues.redhat.com/browse/OCPBUGS-30926
https://issues.redhat.com/browse/OCPBUGS-31362
https://issues.redhat.com/browse/OCPBUGS-31554
https://issues.redhat.com/browse/OCPBUGS-31586
https://issues.redhat.com/browse/OCPBUGS-32054
https://issues.redhat.com/browse/OCPBUGS-32317
https://issues.redhat.com/browse/OCPBUGS-32443
https://issues.redhat.com/browse/OCPBUGS-33186
https://issues.redhat.com/browse/OCPBUGS-33988
https://issues.redhat.com/browse/OCPBUGS-34582