Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: OpenShift Container Platform 4.12.47 security update

Related Vulnerabilities: CVE-2022-0854   CVE-2022-1016   CVE-2022-1679   CVE-2022-3028   CVE-2022-3522   CVE-2022-3567   CVE-2022-3628   CVE-2022-4129   CVE-2022-20141   CVE-2022-30594   CVE-2022-36227   CVE-2022-40982   CVE-2022-41218   CVE-2022-41723   CVE-2022-41858   CVE-2022-43750   CVE-2022-47929   CVE-2023-0394   CVE-2023-1073   CVE-2023-1079   CVE-2023-1192   CVE-2023-1195   CVE-2023-1382   CVE-2023-1838   CVE-2023-1855   CVE-2023-1998   CVE-2023-2162   CVE-2023-2163   CVE-2023-2194   CVE-2023-2513   CVE-2023-3161   CVE-2023-3268   CVE-2023-3567   CVE-2023-3611   CVE-2023-3772   CVE-2023-3812   CVE-2023-4459   CVE-2023-4622   CVE-2023-4623   CVE-2023-4732   CVE-2023-5178   CVE-2023-5388   CVE-2023-23454   CVE-2023-26545   CVE-2023-31436   CVE-2023-33203   CVE-2023-35823   CVE-2023-35824   CVE-2023-38409   CVE-2023-39325   CVE-2023-42753   CVE-2023-44446   CVE-2023-45871  

Source

Synopsis

Important: OpenShift Container Platform 4.12.47 security update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64

Fixes

  • BZ - 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
  • BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
  • OCPBUGS-17370 - [UI] Installed Operators page crashed with TypeError: "Cannot read properties of undefined (reading 'name')" when navigated from the StorageSystems page
  • OCPBUGS-22091 - [release-4.12] High CPU usage in the ovs-vswitchd daemon
  • OCPBUGS-22431 - [release-4.12] Installed Operators page crashes with "Oh no! Something went wrong." error
  • OCPBUGS-22689 - Increase health probe for openshift apiserver
  • OCPBUGS-23184 - [azure] missing instance type validation check under defaultMachinePlatform
  • OCPBUGS-23302 - images: RHEL-8 container image is missing `xz`
  • OCPBUGS-23486 - mapi_current_pending_csr metric firing when non-mapi CSRs are present
  • OCPBUGS-24256 - [release-4.12] Gather HelmChart Information
  • OCPBUGS-24480 - overprovisionRatio can not be set to 1
  • OCPBUGS-25213 - [release-4.12] User can impersonate to all the user without the appropriate rolebinding
  • OCPBUGS-25214 - Backport OCPBUGS-3840 to 4.12
  • OCPBUGS-25303 - Machine API Operator vSphere controller references retired KCS for HW Version Migrations
  • OCPBUGS-25642 - [release-4.12] Add client version in must-gather summary

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started