Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: Secondary Scheduler Operator for Red Hat OpenShift 1.2.0

Related Vulnerabilities: CVE-2023-2602   CVE-2023-2603   CVE-2023-4527   CVE-2023-4806   CVE-2023-4813   CVE-2023-4911   CVE-2023-27536   CVE-2023-28321   CVE-2023-28484   CVE-2023-29469   CVE-2023-29491   CVE-2023-39318   CVE-2023-39319   CVE-2023-39321   CVE-2023-39322   CVE-2023-39325   CVE-2023-44487  

Source

Synopsis

Important: Secondary Scheduler Operator for Red Hat OpenShift 1.2.0

Type/Severity

Security Advisory: Important

Topic

Secondary Scheduler Operator for Red Hat OpenShift 1.2.0

Description

The Secondary Scheduler Operator for Red Hat OpenShift is an optional
operator that makes it possible to deploy a secondary scheduler by
providing a scheduler image. You can run a scheduler with custom
plugins without applying additional manifests, such as cluster roles
and deployments.

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487)
  • golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
  • golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
  • golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
  • golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Secondary Scheduler Operator for Red Hat OpenShift (OSSO) 1 for RHEL 8 x86_64

Fixes

  • BZ - 2237773 - CVE-2023-39319 golang: html/template: improper handling of special tags within script contexts
  • BZ - 2237776 - CVE-2023-39318 golang: html/template: improper handling of HTML-like comments within script contexts
  • BZ - 2237777 - CVE-2023-39321 golang: crypto/tls: panic when processing post-handshake message on QUIC connections
  • BZ - 2237778 - CVE-2023-39322 golang: crypto/tls: lack of a limit on buffered post-handshake
  • BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
  • BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
  • WRKLDS-779 - New OSSO 1.2.0 release

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started