RHSA-2023:5314MediumCVSS 7.5
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update
🔗 CVE IDs covered (5)
📋 Description
CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter CVE-2022-41723 — golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding CVE-2023-2253 — distribution/distribution: DoS from malicious API request CVE-2023-24532 — golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results CVE-2023-25173 — containerd: Supplementary groups are not set up properly
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2023:5314
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2045880
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2174485
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2178358
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2189886
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2223355
- externalhttps://issues.redhat.com/browse/OADP-2420
- externalhttps://issues.redhat.com/browse/OADP-2530
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5314.json