-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Virtualization 4.13.4 security and bug fix update
Advisory ID:       RHSA-2023:5233-01
Product:           OpenShift Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5233
Issue date:        2023-09-19
CVE Names:         CVE-2016-3709 CVE-2022-41723 CVE-2023-1637 
                   CVE-2023-2602 CVE-2023-2603 CVE-2023-3354 
                   CVE-2023-3390 CVE-2023-3610 CVE-2023-3776 
                   CVE-2023-3899 CVE-2023-4004 CVE-2023-4147 
                   CVE-2023-20593 CVE-2023-21102 CVE-2023-30630 
                   CVE-2023-31248 CVE-2023-34969 CVE-2023-35001 
=====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 4.13.4 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.13.4 images.

Security Fix(es):

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK
decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* USB-redirection regression (BZ#2221220)

* DataImportCron DVs do not respond to default storage class being set
(BZ#2232347)

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2221220 - USB-redirection regression
2232347 - DataImportCron DVs do not respond to default storage class being set

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2023-1637
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-3354
https://access.redhat.com/security/cve/CVE-2023-3390
https://access.redhat.com/security/cve/CVE-2023-3610
https://access.redhat.com/security/cve/CVE-2023-3776
https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4004
https://access.redhat.com/security/cve/CVE-2023-4147
https://access.redhat.com/security/cve/CVE-2023-20593
https://access.redhat.com/security/cve/CVE-2023-21102
https://access.redhat.com/security/cve/CVE-2023-30630
https://access.redhat.com/security/cve/CVE-2023-31248
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/cve/CVE-2023-35001
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJlCb4IAAoJENzjgjWX9erETRwP/20c0zxVvSinjKKjZJeDH9hk
W3HPo4mNYJlx9PdBz11Uh3UlwRQAPMvedO9N3NMMGUnvxTNxWWE9Q/LY/PuzDu8n
GHbrLzrVWn4Ok0FxsY5AE9ENgsVz2Mv063+wCdRYpnZy7kVa8K1WH189xRxk+AbK
rDSAz3R7iY1mLy5Rw0MvYy0LbzT9zjteeWaQu94YuFDGEMe7BErWVFC5HX2iZ3js
kXjR4yGZkuLukq1fWdtbEaawIoOVnK3I59aO8gs+FdxVekW8HRJUv8wsTxRmwRUj
7pY+htflv5mY7stSszUg4q7FM4DJ75uCJk7Uw0eak7KSy/qpd69G1g0/SM1dIce9
eq67XN9B9BTU+iBURvJXfg/pn3hAMhXy87gn+r1AY/c3x7kw8SUyNZ7LH1Iw3mXg
Lr+mQCzqu3ybJMX/T6rEOqHiX14yLuk5tpb+FAeuWPHqgINUxiYVpeVwb1Se0JIL
O+61oyYGoHHxuSqazK1EgJPGAhtAwIaA4tQsiUkmY9p435DEdm5bm6mUvfIWn5B/
AkeJou+3Xx0fP0JXVPAfAUGBXoq+NGGs39UlPhcuxvg06JVDmE/MvgMKlYoNHcof
48fL3Hcac8ox92nOjvm/gOntoo7qSRoaAXVCVO0LaqYcdDYBC+eUplZvymdxGp3A
lXMK0Gsk/PAbyVsmL8II
=sU3r
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-5233:01 Moderate: OpenShift Virtualization 4.13.4

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements

Summary

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.13.4 images.
Security Fix(es):
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* USB-redirection regression (BZ#2221220)
* DataImportCron DVs do not respond to default storage class being set (BZ#2232347)



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2023-1637 https://access.redhat.com/security/cve/CVE-2023-2602 https://access.redhat.com/security/cve/CVE-2023-2603 https://access.redhat.com/security/cve/CVE-2023-3354 https://access.redhat.com/security/cve/CVE-2023-3390 https://access.redhat.com/security/cve/CVE-2023-3610 https://access.redhat.com/security/cve/CVE-2023-3776 https://access.redhat.com/security/cve/CVE-2023-3899 https://access.redhat.com/security/cve/CVE-2023-4004 https://access.redhat.com/security/cve/CVE-2023-4147 https://access.redhat.com/security/cve/CVE-2023-20593 https://access.redhat.com/security/cve/CVE-2023-21102 https://access.redhat.com/security/cve/CVE-2023-30630 https://access.redhat.com/security/cve/CVE-2023-31248 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/cve/CVE-2023-35001 https://access.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2023:5233-01
Product: OpenShift Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5233
Issued Date: : 2023-09-19
CVE Names: CVE-2016-3709 CVE-2022-41723 CVE-2023-1637 CVE-2023-2602 CVE-2023-2603 CVE-2023-3354 CVE-2023-3390 CVE-2023-3610 CVE-2023-3776 CVE-2023-3899 CVE-2023-4004 CVE-2023-4147 CVE-2023-20593 CVE-2023-21102 CVE-2023-30630 CVE-2023-31248 CVE-2023-34969 CVE-2023-35001

Topic

Red Hat OpenShift Virtualization release 4.13.4 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

2221220 - USB-redirection regression

2232347 - DataImportCron DVs do not respond to default storage class being set


Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved