RHSA-2024:2875 | High | CVSS 7.5
Red Hat Security Advisory: OpenShift Container Platform 4.13.42 bug fix and security update
🔗 CVE IDs covered (4)
📋 Description
- CVE-2023-45288 — golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
- CVE-2024-1135 — python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers
- CVE-2024-28180 — jose-go: improper handling of highly compressed data
- CVE-2024-31463 — ironic-image: Unauthenticated local access to Ironic API
🔗 References (18)
- self: https://access.redhat.com/errata/RHSA-2024:2875
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268273
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268854
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2275280
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2275847
- external: https://issues.redhat.com/browse/OCPBUGS-18674
- external: https://issues.redhat.com/browse/OCPBUGS-32180
- external: https://issues.redhat.com/browse/OCPBUGS-33062
- external: https://issues.redhat.com/browse/OCPBUGS-33174
- external: https://issues.redhat.com/browse/OCPBUGS-33252
- external: https://issues.redhat.com/browse/OCPBUGS-33273
- external: https://issues.redhat.com/browse/OCPBUGS-33280
- external: https://issues.redhat.com/browse/OCPBUGS-33327
- external: https://issues.redhat.com/browse/OCPBUGS-33448
- external: https://issues.redhat.com/browse/OCPBUGS-33449
- external: https://issues.redhat.com/browse/OCPBUGS-33581
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2875.json