Lucene search

K

RedHatRHSA-2024:1859

HistoryApr 16, 2024 - 5:23 p.m.

(RHSA-2024:1859) Moderate: OpenShift API for Data Protection (OADP) 1.3.1 security and bug fix update

2024-04-1617:23:39

access.redhat.com

14

openshift api

data protection

oadp

security update

bug fix

backup

restore

persistent volume

container images

file system

snapshot-based

dos vulnerability

rsa

timing side channel attack

denial of service

ssh

binary packet protocol

bpp

cve

security issue

cvss score.

7.3 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

7.3 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

Related for RHSA-2024:1859

redhat33 osv15 rocky3 almalinux8 nessus77 oraclelinux9 openvas32 mageia2 gentoo1 redos1 cloudfoundry2 ubuntu2 fedora2 prion1 ubuntucve1 alpinelinux1 debian1 redhatcve1 cvelist1 nvd1 debiancve1 f51 cve1 slackware1 ibm1