Lucene search

K

RedHatRHSA-2023:6235

HistoryNov 01, 2023 - 12:02 p.m.

(RHSA-2023:6235) Important: OpenShift Virtualization 4.13.5 Images security update

2023-11-0112:02:34

access.redhat.com

23

openshift virtualization

red hat openshift

security update

golang

http/2

ddos attack

cve-2023-44487

cve-2023-39325

cve-2022-41723

bug fix

portworx

kubevirt_vmi_phase_count

7 High

AI Score

Confidence

Low

0.72 High

EPSS

Percentile

98.0%

OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.13.5 images.

Security Fix(es):

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

[4.13] portworx: update the storageProfile (BZ#2237872)
kubevirt_vmi_phase_count metrics is not working in 4.13.5 (BZ#2240675)

7 High

AI Score

Confidence

Low

0.72 High

EPSS

Percentile

98.0%

Related for RHSA-2023:6235

redhat56 oraclelinux6 rocky2 nessus57 osv10 almalinux4 rosalinux1 ibm7 openvas31 debian2 fedora6 aix1 ubuntu3 amazon1 slackware1 gentoo1 qualysblog1 redos1 cloudfoundry2 thn2 paloalto1 cisco1 mageia2