Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:0899
HistoryMar 01, 2023 - 8:41 a.m.

(RHSA-2023:0899) Important: OpenShift Container Platform 4.10.53 bug fix and security update

2023-03-0108:41:30
access.redhat.com
21

0.004 Low

EPSS

Percentile

74.5%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.53. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2023:0898

Security Fix(es):

  • goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)

  • go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)

  • golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Related

redos 1
ubuntu 1
osv 13
redhat 18
nessus 57
ubuntucve 5
openvas 22
debian 2
fedora 17
photon 3
rosalinux 1
veracode 4
cve 5
prion 4
cbl_mariner 10
gitlab 4
cvelist 4
redhatcve 4
ibm 7
debiancve 4
alpinelinux 4
wolfi 2
github 3
cgr 2
mageia 1
almalinux 1
redos
redos
ROS-20230117-02
2023-01-17 00:00:00
ubuntu
ubuntu
Open vSwitch vulnerabilities
2023-02-27 00:00:00
osv
osv
openvswitch vulnerabilities
2023-02-27 12:24:28
openvswitch - security update
2022-12-31 00:00:00
openvswitch - security update
2023-01-13 00:00:00
redhat
redhat
(RHSA-2023:0685) Moderate: openvswitch2.13 security, bug fix and enhancement update
2023-02-09 00:05:52
(RHSA-2023:0688) Moderate: openvswitch2.17 security, bug fix and enhancement update
2023-02-09 00:06:36
(RHSA-2023:0687) Moderate: openvswitch2.15 security, bug fix and enhancement update
2023-02-09 00:06:21
nessus
nessus
RHEL 8 : openvswitch2.13 (RHSA-2023:0685)
2023-02-09 00:00:00
RHEL 8 : openvswitch2.17 (RHSA-2023:0688)
2023-02-09 00:00:00
RHEL 8 : openvswitch2.15 (RHSA-2023:0687)
2023-02-09 00:00:00
ubuntucve
ubuntucve
CVE-2022-4338
2023-01-10 00:00:00
CVE-2022-4337
2023-01-10 00:00:00
CVE-2021-4238
2022-12-27 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3253-1)
2023-01-01 00:00:00
openSUSE: Security Advisory for openvswitch (SUSE-SU-2023:2250-2)
2024-03-04 00:00:00
Debian: Security Advisory (DSA-5319-1)
2023-01-15 00:00:00
debian
debian
[SECURITY] [DSA 5319-1] openvswitch security update
2023-01-13 19:23:56
[SECURITY] [DLA 3253-1] openvswitch security update
2022-12-31 14:58:16
fedora
fedora
[SECURITY] Fedora 38 Update: exercism-3.2.0-1.fc38
2023-09-05 00:41:28
[SECURITY] Fedora 37 Update: exercism-3.2.0-1.fc37
2023-09-05 00:47:16
[SECURITY] Fedora 39 Update: exercism-3.2.0-1.fc39
2023-09-15 19:02:47
photon
photon
Critical Photon OS Security Update - PHSA-2023-0316
2023-01-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0316
2023-01-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0519
2023-01-23 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2262
2023-10-22 05:27:25
veracode
veracode
Integer Underflow
2023-01-26 08:28:52
Out-Of-Bound Reads
2023-01-26 07:49:32
Insufficient Entropy In Randomly-Generated Alphanumeric Strings
2023-01-10 07:40:18
cve
cve
CVE-2022-4337
2023-01-10 22:15:00
CVE-2022-4338
2023-01-10 22:15:00
CVE-2021-4238
2022-12-27 22:15:00
prion
prion
Design/Logic Flaw
2023-01-10 22:15:00
Integer overflow
2023-01-10 22:15:00
Design/Logic Flaw
2022-12-27 22:15:00
cbl_mariner
cbl_mariner
CVE-2022-4338 affecting package openvswitch 2.15.1-2
2023-01-29 21:01:57
CVE-2022-4338 affecting package openvswitch for versions less than 2.17.5-1
2023-01-20 06:36:23
CVE-2022-4337 affecting package openvswitch for versions less than 2.17.5-1
2023-01-20 06:36:23
gitlab
gitlab
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
2022-12-28 00:00:00
yaml package for Go can consume excessive amounts of CPU or memory
2022-12-28 00:00:00
Uncontrolled Resource Consumption
2022-12-27 00:00:00
cvelist
cvelist
CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils
2022-12-27 21:13:50
CVE-2022-4337
2023-01-10 00:00:00
CVE-2022-4338
2023-01-10 00:00:00
redhatcve
redhatcve
CVE-2021-4238
2022-12-28 11:35:12
CVE-2022-4337
2022-12-21 04:34:58
CVE-2022-4338
2022-12-21 04:35:08
ibm
ibm
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2021-4238)
2023-05-17 15:24:34
Security Bulletin: Vulnerability in the Golang language affects IBM Event Streams (CVE-2022-3064)
2023-03-06 07:49:07
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-41717)
2023-03-31 17:18:22
debiancve
debiancve
CVE-2022-4337
2023-01-10 22:15:00
CVE-2022-4338
2023-01-10 22:15:00
CVE-2021-4238
2022-12-27 22:15:00
alpinelinux
alpinelinux
CVE-2022-4337
2023-01-10 22:15:00
CVE-2022-4338
2023-01-10 22:15:00
CVE-2022-3064
2022-12-27 22:15:00
wolfi
wolfi
CVE-2022-3064 vulnerabilities
2024-05-20 09:07:17
CVE-2021-4238 vulnerabilities
2024-05-20 09:07:17
github
github
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
2022-12-28 00:30:23
yaml package for Go can consume excessive amounts of CPU or memory
2022-12-28 00:30:22
golang.org/x/net/http2 vulnerable to possible excessive memory growth
2022-12-08 21:30:19
cgr
cgr
CVE-2021-4238 vulnerabilities
2024-05-19 03:07:16
CVE-2022-3064 vulnerabilities
2024-05-19 03:07:16
mageia
mageia
Updated golang packages fix security vulnerability
2022-12-17 21:48:08
almalinux
almalinux
Moderate: conmon security and bug fix update
2023-05-09 00:00:00

0.004 Low

EPSS

Percentile

74.5%

JSON
Related for RHSA-2023:0899
redos1ubuntu1osv13redhat18nessus57ubuntucve5openvas22debian2fedora17photon3rosalinux1veracode4cve5prion4cbl_mariner10gitlab4cvelist4redhatcve4ibm7debiancve4alpinelinux4wolfi2github3cgr2mageia1almalinux1