Lucene search

K

RedHatRHSA-2024:1859

HistoryApr 16, 2024 - 5:23 p.m.

(RHSA-2024:1859) Moderate: OpenShift API for Data Protection (OADP) 1.3.1 security and bug fix update

2024-04-1617:23:39

access.redhat.com

15

openshift api

data protection

oadp

security update

bug fix

backup

restore

persistent volume

container images

file system

snapshot-based

dos vulnerability

rsa

timing side channel attack

denial of service

ssh

binary packet protocol

bpp

cve

security issue

cvss score.

7.3 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

7.3 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

Related for RHSA-2024:1859

redhat35 nessus76 osv15 oraclelinux8 rocky3 openvas32 almalinux8 mageia2 gentoo1 redos1 cloudfoundry2 ubuntu2 slackware1 redhatcve1 cve1 f51 ubuntucve1 prion1 debian1 alpinelinux1 fedora2 debiancve1 cvelist1 nvd1 ibm1