Moderate: Red Hat OpenShift Dev Spaces Security Update

标题

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a
browser-based IDE built for teams and organizations. Dev Spaces runs in
OpenShift and is well-suited for container-based development.

The 3.7.1 release is based on Eclipse Che 7.67.

Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are
expected to update to newer OpenShift releases in order to continue to get Dev
Spaces updates.

https://access.redhat.com/support/policy/updates/openshift#crw

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

描述

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a
browser-based IDE built for teams and organizations. Dev Spaces runs in
OpenShift and is well-suited for container-based development.

Security Fix(es):

• openshift: OCP & FIPS mode (CVE-2023-3089)

解决方案

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

受影响的产品

• Red Hat CodeReady Workspaces for OpenShift 3 x86_64

修复

• BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

CVE

• CVE-2020-24736
• CVE-2022-36227
• CVE-2022-48281
• CVE-2023-1667
• CVE-2023-2283
• CVE-2023-3089
• CVE-2023-22006
• CVE-2023-22036
• CVE-2023-22041
• CVE-2023-22045
• CVE-2023-22049
• CVE-2023-25193
• CVE-2023-26604
• CVE-2023-27535
• CVE-2023-28466

参考

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/security/vulnerabilities/RHSB-2023-001