Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
🔗 CVE IDs covered (13)
📋 Description
CVE-2022-2990 — buildah: possible information disclosure and modification CVE-2022-3259 — OpenShift: Missing HTTP Strict Transport Security CVE-2022-27191 — golang: crash in a golang.org/x/crypto/ssh server CVE-2022-41717 — golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41722 — golang: path/filepath: path-filepath filepath.Clean path traversal CVE-2022-41723 — golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding CVE-2022-41724 — golang: crypto/tls: large handshake records may cause panics CVE-2022-41725 — golang: net/http, mime/multipart: denial of service from excessive resource consumption CVE-2023-0056 — haproxy: segfault DoS CVE-2023-0229 — openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions CVE-2023-0778 — podman: symlink exchange attack in podman export volume CVE-2023-25577 — python-werkzeug: high resource usage when parsing multipart form data with many fields CVE-2023-25725 — haproxy: request smuggling attack in HTTP/1 header parsing
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2023:1325
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2103220
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2121453
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2160349
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2160808
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2161274
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2168256
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2169089
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170242
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2178358
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2178488
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2178492
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1325.json