RedHat RHSA-2023:6154
History: Nov 01, 2023 - 12:29 a.m.

(RHSA-2023:6154) Important: Secondary Scheduler Operator for Red Hat OpenShift 1.2.0

2023-11-01 00:29:18
access.redhat.com
Tags: red hat openshift, secondary scheduler operator, golang, http/2, security fixes, ddos attack, cve-2023-39325, cve-2023-44487, cve-2023-39318, cve-2023-39319, cve-2023-39321, cve-2023-39322, quic connections, unix

AI Score: 7.3 High (Confidence: High)

EPSS: 0.732 High (Percentile: 98.1%)

The Secondary Scheduler Operator for Red Hat OpenShift is an optional
operator that makes it possible to deploy a secondary scheduler by
providing a scheduler image. You can run a scheduler with custom
plugins without applying additional manifests, such as cluster roles
and deployments.

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487)

  • golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)

  • golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

  • golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

  • golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
