Lucene search

K
redhatRedHatRHSA-2024:1859
HistoryApr 16, 2024 - 5:23 p.m.

(RHSA-2024:1859) Moderate: OpenShift API for Data Protection (OADP) 1.3.1 security and bug fix update

2024-04-1617:23:39
access.redhat.com
14
openshift api
data protection
oadp
security update
bug fix
backup
restore
persistent volume
container images
file system
snapshot-based
dos vulnerability
rsa
timing side channel attack
denial of service
ssh
binary packet protocol
bpp
cve
security issue
cvss score.

7.3 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

  • opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

  • golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)

  • golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

  • jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.