Lucene search

K
redhatRedHatRHSA-2023:0408
HistoryJan 24, 2023 - 1:18 p.m.

(RHSA-2023:0408) Important: OpenShift Virtualization 4.12.0 Images security update

2023-01-2413:18:25
access.redhat.com
46

0.106 Low

EPSS

Percentile

95.0%

OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:

Security Fix(es):

  • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

  • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

  • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

  • golang: syscall: don’t close fd 0 on ForkExec error (CVE-2021-44717)

  • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

  • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

  • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

  • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

  • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

  • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

  • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

  • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

  • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

  • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

  • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

  • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

  • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHEL-8-CNV-4.12

==============

bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89