The following advisory data is extracted from: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7922.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. - Packet Storm Staff ==================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.17.1 bug fix and security update Advisory ID: RHSA-2024:7922-03 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2024:7922 Issue date: 2024-10-16 Revision: 03 CVE Names: CVE-2023-3462 ==================================================================== Summary: Red Hat OpenShift Container Platform release 4.17.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.17.1. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2024:7925 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.17/release_notes/ocp-4-17-release-notes.html Security Fix(es): * pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345) * openshift-console: OAuth2 insufficient state parameter entropy (CVE-2024-6508) * Hashicorp/vault: Vault’s LDAP Auth Method Allows for User Enumeration (CVE-2023-3462) * golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * containers/image: digest type does not guarantee valid type (CVE-2024-3727) * golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786) * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791) * pgx: SQL Injection via Line Comment Creation (CVE-2024-27289) * path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.17/updating/updating_a_cluster/updating-cluster-cli.html Solution: CVEs: CVE-2023-3462 References: https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=2228020 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268046 https://bugzilla.redhat.com/show_bug.cgi?id=2268465 https://bugzilla.redhat.com/show_bug.cgi?id=2274767 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2295777 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://bugzilla.redhat.com/show_bug.cgi?id=2310908 https://issues.redhat.com/browse/OCPBUGS-30950 https://issues.redhat.com/browse/OCPBUGS-33815 https://issues.redhat.com/browse/OCPBUGS-33834 https://issues.redhat.com/browse/OCPBUGS-33899 https://issues.redhat.com/browse/OCPBUGS-34034 https://issues.redhat.com/browse/OCPBUGS-34073 https://issues.redhat.com/browse/OCPBUGS-34134 https://issues.redhat.com/browse/OCPBUGS-34217 https://issues.redhat.com/browse/OCPBUGS-34285 https://issues.redhat.com/browse/OCPBUGS-34314 https://issues.redhat.com/browse/OCPBUGS-34643 https://issues.redhat.com/browse/OCPBUGS-35430 https://issues.redhat.com/browse/OCPBUGS-35868 https://issues.redhat.com/browse/OCPBUGS-36213 https://issues.redhat.com/browse/OCPBUGS-36680 https://issues.redhat.com/browse/OCPBUGS-38240 https://issues.redhat.com/browse/OCPBUGS-38379 https://issues.redhat.com/browse/OCPBUGS-38457 https://issues.redhat.com/browse/OCPBUGS-38462 https://issues.redhat.com/browse/OCPBUGS-38471 https://issues.redhat.com/browse/OCPBUGS-38563 https://issues.redhat.com/browse/OCPBUGS-38574 https://issues.redhat.com/browse/OCPBUGS-38760 https://issues.redhat.com/browse/OCPBUGS-38770 https://issues.redhat.com/browse/OCPBUGS-38784 https://issues.redhat.com/browse/OCPBUGS-38927 https://issues.redhat.com/browse/OCPBUGS-39013 https://issues.redhat.com/browse/OCPBUGS-39071 https://issues.redhat.com/browse/OCPBUGS-39091 https://issues.redhat.com/browse/OCPBUGS-39120 https://issues.redhat.com/browse/OCPBUGS-39124 https://issues.redhat.com/browse/OCPBUGS-39286 https://issues.redhat.com/browse/OCPBUGS-39390 https://issues.redhat.com/browse/OCPBUGS-39409 https://issues.redhat.com/browse/OCPBUGS-39414 https://issues.redhat.com/browse/OCPBUGS-39601 https://issues.redhat.com/browse/OCPBUGS-41255 https://issues.redhat.com/browse/OCPBUGS-41341 https://issues.redhat.com/browse/OCPBUGS-41357 https://issues.redhat.com/browse/OCPBUGS-41376 https://issues.redhat.com/browse/OCPBUGS-41576 https://issues.redhat.com/browse/OCPBUGS-41622 https://issues.redhat.com/browse/OCPBUGS-41685 https://issues.redhat.com/browse/OCPBUGS-41686 https://issues.redhat.com/browse/OCPBUGS-41817 https://issues.redhat.com/browse/OCPBUGS-41893 https://issues.redhat.com/browse/OCPBUGS-41908 https://issues.redhat.com/browse/OCPBUGS-41914 https://issues.redhat.com/browse/OCPBUGS-41933 https://issues.redhat.com/browse/OCPBUGS-41941 https://issues.redhat.com/browse/OCPBUGS-42006 https://issues.redhat.com/browse/OCPBUGS-42007 https://issues.redhat.com/browse/OCPBUGS-42008 https://issues.redhat.com/browse/OCPBUGS-42019 https://issues.redhat.com/browse/OCPBUGS-42060 https://issues.redhat.com/browse/OCPBUGS-42066 https://issues.redhat.com/browse/OCPBUGS-42081 https://issues.redhat.com/browse/OCPBUGS-42098 https://issues.redhat.com/browse/OCPBUGS-42116 https://issues.redhat.com/browse/OCPBUGS-42126 https://issues.redhat.com/browse/OCPBUGS-42131 https://issues.redhat.com/browse/OCPBUGS-42142 https://issues.redhat.com/browse/OCPBUGS-42164 https://issues.redhat.com/browse/OCPBUGS-42200 https://issues.redhat.com/browse/OCPBUGS-42223 https://issues.redhat.com/browse/OCPBUGS-42232 https://issues.redhat.com/browse/OCPBUGS-42248 https://issues.redhat.com/browse/OCPBUGS-42256 https://issues.redhat.com/browse/OCPBUGS-42261 https://issues.redhat.com/browse/OCPBUGS-42277 https://issues.redhat.com/browse/OCPBUGS-42296 https://issues.redhat.com/browse/OCPBUGS-42323 https://issues.redhat.com/browse/OCPBUGS-42336 https://issues.redhat.com/browse/OCPBUGS-42357 https://issues.redhat.com/browse/OCPBUGS-42362 https://issues.redhat.com/browse/OCPBUGS-42380 https://issues.redhat.com/browse/OCPBUGS-42394 https://issues.redhat.com/browse/OCPBUGS-42410 https://issues.redhat.com/browse/OCPBUGS-42421 https://issues.redhat.com/browse/OCPBUGS-42483 https://issues.redhat.com/browse/OCPBUGS-42580 https://issues.redhat.com/browse/OCPBUGS-42581 https://issues.redhat.com/browse/OCPBUGS-42582 https://issues.redhat.com/browse/OCPBUGS-42585 https://issues.redhat.com/browse/OCPBUGS-42606 https://issues.redhat.com/browse/OCPBUGS-42612 https://issues.redhat.com/browse/OCPBUGS-42622 https://issues.redhat.com/browse/OCPBUGS-42677 https://issues.redhat.com/browse/OCPBUGS-42678 https://issues.redhat.com/browse/OCPBUGS-42681 https://issues.redhat.com/browse/OCPBUGS-42699 https://issues.redhat.com/browse/OCPBUGS-42714 https://issues.redhat.com/browse/OCPBUGS-42721 https://issues.redhat.com/browse/OCPBUGS-42786 https://issues.redhat.com/browse/OCPBUGS-42812 https://issues.redhat.com/browse/OCPBUGS-42814 https://issues.redhat.com/browse/OCPBUGS-42853