Red Hat Security Advisory 2023-6256-01 - Red Hat OpenShift Container Platform release 4.13.21 is now available with updates to packages and images that fix several bugs.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6256.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.21 security and extras update  
Advisory ID:        RHSA-2023:6256-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6256  
Issue date:         2023-11-08  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.21 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

There are no RPM packages for this update.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6256-01

Red Hat Security Advisory 2023-6128-01 - Red Hat OpenShift Container Platform release 4.12.41 is now available with updates to packages and images that fix several bugs and add enhancements.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6128.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.12.41 packages and security update  
Advisory ID:        RHSA-2023:6128-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6128  
Issue date:         2023-11-01  
Revision:           01  
CVE Names:          CVE-2023-5625  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.41 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.41. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:6126

Security Fix(es):

* python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds (CVE-2023-5625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2023-5625

References:

https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2023-6128-01

Red Hat Security Advisory 2023-6126-01 - Red Hat OpenShift Container Platform release 4.12.41 is now available with updates to packages and images that fix several bugs and add enhancements.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6126.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.41 bug fix and security update  
Advisory ID:        RHSA-2023:6126-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6126  
Issue date:         2023-11-01  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.41 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.41. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2023:6128

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6126-01

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.

**Synopsis**

Important: kpatch-patch security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.  

Security Fix(es):  

*   kernel: stack overflow in do\_proc\_dointvec and proc\_skip\_spaces (CVE-2022-4378)
*   ALSA: pcm: Move rwsem lock inside snd\_ctl\_elem\_read to prevent UAF (CVE-2023-0266)
*   kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
*   kpatch: mm/mremap.c: incomplete fix for CVE-2022-41222 (CVE-2023-1476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Enterprise Linux for x86\_64 8 x86\_64
*   Red Hat Enterprise Linux for x86\_64 - Extended Update Support 8.8 x86\_64
*   Red Hat Enterprise Linux for Power, little endian 8 ppc64le
*   Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
*   Red Hat Enterprise Linux Server - TUS 8.8 x86\_64
*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.8 x86\_64

**Fixes**

*   BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do\_proc\_dointvec and proc\_skip\_spaces
*   BZ - 2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation
*   BZ - 2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd\_ctl\_elem\_read to prevent UAF
*   BZ - 2176035 - CVE-2023-1476 kpatch: mm/mremap.c: incomplete fix for CVE-2022-41222

**CVEs**

*   CVE-2022-4378
*   CVE-2023-0266
*   CVE-2023-0386
*   CVE-2023-1476

**Red Hat Enterprise Linux for x86\_64 8**

SRPM

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.src.rpm

SHA-256: e872fdb82188cc699f36f2cbe61ea52dc61f425ad83b68afdcdd6a80212e7d9c

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.src.rpm

SHA-256: 0f52bcea31d2be61f55ce3643195653d28bb8ff35b8f92c646cc94d59be99b1f

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.src.rpm

SHA-256: 03af08bdd51471b378f7edcfbf253ed18b365038e0db4afb0548b13aba6bbe3e

x86\_64

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.x86\_64.rpm

SHA-256: 6d433b6b85596a5c6aa58fcb5ff45415dd00abf61c50cf6cef95ba5a1a739eca

kpatch-patch-4\_18\_0-425\_10\_1-debuginfo-1-4.el8\_7.x86\_64.rpm

SHA-256: c4187a4fb8d70c102d135717b19ba71fc3755d799a712d4c26d9ea5e9a908ade

kpatch-patch-4\_18\_0-425\_10\_1-debugsource-1-4.el8\_7.x86\_64.rpm

SHA-256: 64e783f1c838e12cf76b6b42b4f8b13fac21b196d19505ea6d108e623914c91b

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.x86\_64.rpm

SHA-256: ed03e9eaa790c07229fee250d22160a9e74fdc4485f7a57658c1dea2a6108b3e

kpatch-patch-4\_18\_0-425\_13\_1-debuginfo-1-2.el8\_7.x86\_64.rpm

SHA-256: af51bdc1fa6595123ab68217f1d346ad0292bd52c4aa4ee472f2009588acd271

kpatch-patch-4\_18\_0-425\_13\_1-debugsource-1-2.el8\_7.x86\_64.rpm

SHA-256: f497c202ab015e098852ce09bb94bad1912b0b258e147fe210d73fab269188e2

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.x86\_64.rpm

SHA-256: 2ccc2dd53b01ad7a9b60208c04912be93950134ae1f7e791b5becfa869f0d5f9

kpatch-patch-4\_18\_0-425\_3\_1-debuginfo-1-6.el8.x86\_64.rpm

SHA-256: e79d55e1e249de0c8d4c1ac081d630a72d6bf1fbd4af981c4f6e8c72993e0591

kpatch-patch-4\_18\_0-425\_3\_1-debugsource-1-6.el8.x86\_64.rpm

SHA-256: 9ee13f349e3a81279c8c2cacfa71c1b82537f9c4fd1ae0a86d6d2ad1a6ee33f4

**Red Hat Enterprise Linux for x86\_64 - Extended Update Support 8.8**

SRPM

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.src.rpm

SHA-256: e872fdb82188cc699f36f2cbe61ea52dc61f425ad83b68afdcdd6a80212e7d9c

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.src.rpm

SHA-256: 0f52bcea31d2be61f55ce3643195653d28bb8ff35b8f92c646cc94d59be99b1f

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.src.rpm

SHA-256: 03af08bdd51471b378f7edcfbf253ed18b365038e0db4afb0548b13aba6bbe3e

x86\_64

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.x86\_64.rpm

SHA-256: 6d433b6b85596a5c6aa58fcb5ff45415dd00abf61c50cf6cef95ba5a1a739eca

kpatch-patch-4\_18\_0-425\_10\_1-debuginfo-1-4.el8\_7.x86\_64.rpm

SHA-256: c4187a4fb8d70c102d135717b19ba71fc3755d799a712d4c26d9ea5e9a908ade

kpatch-patch-4\_18\_0-425\_10\_1-debugsource-1-4.el8\_7.x86\_64.rpm

SHA-256: 64e783f1c838e12cf76b6b42b4f8b13fac21b196d19505ea6d108e623914c91b

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.x86\_64.rpm

SHA-256: ed03e9eaa790c07229fee250d22160a9e74fdc4485f7a57658c1dea2a6108b3e

kpatch-patch-4\_18\_0-425\_13\_1-debuginfo-1-2.el8\_7.x86\_64.rpm

SHA-256: af51bdc1fa6595123ab68217f1d346ad0292bd52c4aa4ee472f2009588acd271

kpatch-patch-4\_18\_0-425\_13\_1-debugsource-1-2.el8\_7.x86\_64.rpm

SHA-256: f497c202ab015e098852ce09bb94bad1912b0b258e147fe210d73fab269188e2

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.x86\_64.rpm

SHA-256: 2ccc2dd53b01ad7a9b60208c04912be93950134ae1f7e791b5becfa869f0d5f9

kpatch-patch-4\_18\_0-425\_3\_1-debuginfo-1-6.el8.x86\_64.rpm

SHA-256: e79d55e1e249de0c8d4c1ac081d630a72d6bf1fbd4af981c4f6e8c72993e0591

kpatch-patch-4\_18\_0-425\_3\_1-debugsource-1-6.el8.x86\_64.rpm

SHA-256: 9ee13f349e3a81279c8c2cacfa71c1b82537f9c4fd1ae0a86d6d2ad1a6ee33f4

**Red Hat Enterprise Linux for Power, little endian 8**

SRPM

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.src.rpm

SHA-256: e872fdb82188cc699f36f2cbe61ea52dc61f425ad83b68afdcdd6a80212e7d9c

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.src.rpm

SHA-256: 0f52bcea31d2be61f55ce3643195653d28bb8ff35b8f92c646cc94d59be99b1f

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.src.rpm

SHA-256: 03af08bdd51471b378f7edcfbf253ed18b365038e0db4afb0548b13aba6bbe3e

ppc64le

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.ppc64le.rpm

SHA-256: 48313af6a14d0cae5a41d2ea4769af355b908e0393c73b46101dc35255b698e0

kpatch-patch-4\_18\_0-425\_10\_1-debuginfo-1-4.el8\_7.ppc64le.rpm

SHA-256: 9208da93648c7634deae31dcb5e9cbe5f22eaa469fb6dfe846750b44b406ec40

kpatch-patch-4\_18\_0-425\_10\_1-debugsource-1-4.el8\_7.ppc64le.rpm

SHA-256: 1b703653ec7952f1d0d87aa482e4c98be981403a77374bf19cc0277e0b3e92f1

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.ppc64le.rpm

SHA-256: 67243a7de9b0c93fcc89df893b8143814db46b8b9862723a23bb9e33b8598f4f

kpatch-patch-4\_18\_0-425\_13\_1-debuginfo-1-2.el8\_7.ppc64le.rpm

SHA-256: 4aa7c3d8def9371f6a31b415bda07be1754e3fe78e50d6ce966f580a038562c9

kpatch-patch-4\_18\_0-425\_13\_1-debugsource-1-2.el8\_7.ppc64le.rpm

SHA-256: 1191fdcf1ee9395805dbae787422a877cfae4a353f925cb92b4b30ca3d92afee

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.ppc64le.rpm

SHA-256: 151792425cf2b6f2eb0d2ca81326975c90b6b4890248a861de943e9238dde708

kpatch-patch-4\_18\_0-425\_3\_1-debuginfo-1-6.el8.ppc64le.rpm

SHA-256: 5474849ef939672cf484a5e00d1c746876ffb3cd4381764afbb281b194cd87f9

kpatch-patch-4\_18\_0-425\_3\_1-debugsource-1-6.el8.ppc64le.rpm

SHA-256: dd2116cf07c3928dd277f6e6d6e586347e5b6c7932303d9828636fbc806f951d

**Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8**

SRPM

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.src.rpm

SHA-256: e872fdb82188cc699f36f2cbe61ea52dc61f425ad83b68afdcdd6a80212e7d9c

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.src.rpm

SHA-256: 0f52bcea31d2be61f55ce3643195653d28bb8ff35b8f92c646cc94d59be99b1f

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.src.rpm

SHA-256: 03af08bdd51471b378f7edcfbf253ed18b365038e0db4afb0548b13aba6bbe3e

ppc64le

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.ppc64le.rpm

SHA-256: 48313af6a14d0cae5a41d2ea4769af355b908e0393c73b46101dc35255b698e0

kpatch-patch-4\_18\_0-425\_10\_1-debuginfo-1-4.el8\_7.ppc64le.rpm

SHA-256: 9208da93648c7634deae31dcb5e9cbe5f22eaa469fb6dfe846750b44b406ec40

kpatch-patch-4\_18\_0-425\_10\_1-debugsource-1-4.el8\_7.ppc64le.rpm

SHA-256: 1b703653ec7952f1d0d87aa482e4c98be981403a77374bf19cc0277e0b3e92f1

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.ppc64le.rpm

SHA-256: 67243a7de9b0c93fcc89df893b8143814db46b8b9862723a23bb9e33b8598f4f

kpatch-patch-4\_18\_0-425\_13\_1-debuginfo-1-2.el8\_7.ppc64le.rpm

SHA-256: 4aa7c3d8def9371f6a31b415bda07be1754e3fe78e50d6ce966f580a038562c9

kpatch-patch-4\_18\_0-425\_13\_1-debugsource-1-2.el8\_7.ppc64le.rpm

SHA-256: 1191fdcf1ee9395805dbae787422a877cfae4a353f925cb92b4b30ca3d92afee

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.ppc64le.rpm

SHA-256: 151792425cf2b6f2eb0d2ca81326975c90b6b4890248a861de943e9238dde708

kpatch-patch-4\_18\_0-425\_3\_1-debuginfo-1-6.el8.ppc64le.rpm

SHA-256: 5474849ef939672cf484a5e00d1c746876ffb3cd4381764afbb281b194cd87f9

kpatch-patch-4\_18\_0-425\_3\_1-debugsource-1-6.el8.ppc64le.rpm

SHA-256: dd2116cf07c3928dd277f6e6d6e586347e5b6c7932303d9828636fbc806f951d

**Red Hat Enterprise Linux Server - TUS 8.8**

SRPM

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.src.rpm

SHA-256: e872fdb82188cc699f36f2cbe61ea52dc61f425ad83b68afdcdd6a80212e7d9c

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.src.rpm

SHA-256: 0f52bcea31d2be61f55ce3643195653d28bb8ff35b8f92c646cc94d59be99b1f

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.src.rpm

SHA-256: 03af08bdd51471b378f7edcfbf253ed18b365038e0db4afb0548b13aba6bbe3e

x86\_64

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.x86\_64.rpm

SHA-256: 6d433b6b85596a5c6aa58fcb5ff45415dd00abf61c50cf6cef95ba5a1a739eca

kpatch-patch-4\_18\_0-425\_10\_1-debuginfo-1-4.el8\_7.x86\_64.rpm

SHA-256: c4187a4fb8d70c102d135717b19ba71fc3755d799a712d4c26d9ea5e9a908ade

kpatch-patch-4\_18\_0-425\_10\_1-debugsource-1-4.el8\_7.x86\_64.rpm

SHA-256: 64e783f1c838e12cf76b6b42b4f8b13fac21b196d19505ea6d108e623914c91b

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.x86\_64.rpm

SHA-256: ed03e9eaa790c07229fee250d22160a9e74fdc4485f7a57658c1dea2a6108b3e

kpatch-patch-4\_18\_0-425\_13\_1-debuginfo-1-2.el8\_7.x86\_64.rpm

SHA-256: af51bdc1fa6595123ab68217f1d346ad0292bd52c4aa4ee472f2009588acd271

kpatch-patch-4\_18\_0-425\_13\_1-debugsource-1-2.el8\_7.x86\_64.rpm

SHA-256: f497c202ab015e098852ce09bb94bad1912b0b258e147fe210d73fab269188e2

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.x86\_64.rpm

SHA-256: 2ccc2dd53b01ad7a9b60208c04912be93950134ae1f7e791b5becfa869f0d5f9

kpatch-patch-4\_18\_0-425\_3\_1-debuginfo-1-6.el8.x86\_64.rpm

SHA-256: e79d55e1e249de0c8d4c1ac081d630a72d6bf1fbd4af981c4f6e8c72993e0591

kpatch-patch-4\_18\_0-425\_3\_1-debugsource-1-6.el8.x86\_64.rpm

SHA-256: 9ee13f349e3a81279c8c2cacfa71c1b82537f9c4fd1ae0a86d6d2ad1a6ee33f4

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8**

SRPM

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.src.rpm

SHA-256: e872fdb82188cc699f36f2cbe61ea52dc61f425ad83b68afdcdd6a80212e7d9c

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.src.rpm

SHA-256: 0f52bcea31d2be61f55ce3643195653d28bb8ff35b8f92c646cc94d59be99b1f

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.src.rpm

SHA-256: 03af08bdd51471b378f7edcfbf253ed18b365038e0db4afb0548b13aba6bbe3e

ppc64le

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.ppc64le.rpm

SHA-256: 48313af6a14d0cae5a41d2ea4769af355b908e0393c73b46101dc35255b698e0

kpatch-patch-4\_18\_0-425\_10\_1-debuginfo-1-4.el8\_7.ppc64le.rpm

SHA-256: 9208da93648c7634deae31dcb5e9cbe5f22eaa469fb6dfe846750b44b406ec40

kpatch-patch-4\_18\_0-425\_10\_1-debugsource-1-4.el8\_7.ppc64le.rpm

SHA-256: 1b703653ec7952f1d0d87aa482e4c98be981403a77374bf19cc0277e0b3e92f1

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.ppc64le.rpm

SHA-256: 67243a7de9b0c93fcc89df893b8143814db46b8b9862723a23bb9e33b8598f4f

kpatch-patch-4\_18\_0-425\_13\_1-debuginfo-1-2.el8\_7.ppc64le.rpm

SHA-256: 4aa7c3d8def9371f6a31b415bda07be1754e3fe78e50d6ce966f580a038562c9

kpatch-patch-4\_18\_0-425\_13\_1-debugsource-1-2.el8\_7.ppc64le.rpm

SHA-256: 1191fdcf1ee9395805dbae787422a877cfae4a353f925cb92b4b30ca3d92afee

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.ppc64le.rpm

SHA-256: 151792425cf2b6f2eb0d2ca81326975c90b6b4890248a861de943e9238dde708

kpatch-patch-4\_18\_0-425\_3\_1-debuginfo-1-6.el8.ppc64le.rpm

SHA-256: 5474849ef939672cf484a5e00d1c746876ffb3cd4381764afbb281b194cd87f9

kpatch-patch-4\_18\_0-425\_3\_1-debugsource-1-6.el8.ppc64le.rpm

SHA-256: dd2116cf07c3928dd277f6e6d6e586347e5b6c7932303d9828636fbc806f951d

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.8**

SRPM

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.src.rpm

SHA-256: e872fdb82188cc699f36f2cbe61ea52dc61f425ad83b68afdcdd6a80212e7d9c

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.src.rpm

SHA-256: 0f52bcea31d2be61f55ce3643195653d28bb8ff35b8f92c646cc94d59be99b1f

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.src.rpm

SHA-256: 03af08bdd51471b378f7edcfbf253ed18b365038e0db4afb0548b13aba6bbe3e

x86\_64

kpatch-patch-4\_18\_0-425\_10\_1-1-4.el8\_7.x86\_64.rpm

SHA-256: 6d433b6b85596a5c6aa58fcb5ff45415dd00abf61c50cf6cef95ba5a1a739eca

kpatch-patch-4\_18\_0-425\_10\_1-debuginfo-1-4.el8\_7.x86\_64.rpm

SHA-256: c4187a4fb8d70c102d135717b19ba71fc3755d799a712d4c26d9ea5e9a908ade

kpatch-patch-4\_18\_0-425\_10\_1-debugsource-1-4.el8\_7.x86\_64.rpm

SHA-256: 64e783f1c838e12cf76b6b42b4f8b13fac21b196d19505ea6d108e623914c91b

kpatch-patch-4\_18\_0-425\_13\_1-1-2.el8\_7.x86\_64.rpm

SHA-256: ed03e9eaa790c07229fee250d22160a9e74fdc4485f7a57658c1dea2a6108b3e

kpatch-patch-4\_18\_0-425\_13\_1-debuginfo-1-2.el8\_7.x86\_64.rpm

SHA-256: af51bdc1fa6595123ab68217f1d346ad0292bd52c4aa4ee472f2009588acd271

kpatch-patch-4\_18\_0-425\_13\_1-debugsource-1-2.el8\_7.x86\_64.rpm

SHA-256: f497c202ab015e098852ce09bb94bad1912b0b258e147fe210d73fab269188e2

kpatch-patch-4\_18\_0-425\_3\_1-1-6.el8.x86\_64.rpm

SHA-256: 2ccc2dd53b01ad7a9b60208c04912be93950134ae1f7e791b5becfa869f0d5f9

kpatch-patch-4\_18\_0-425\_3\_1-debuginfo-1-6.el8.x86\_64.rpm

SHA-256: e79d55e1e249de0c8d4c1ac081d630a72d6bf1fbd4af981c4f6e8c72993e0591

kpatch-patch-4\_18\_0-425\_3\_1-debugsource-1-6.el8.x86\_64.rpm

SHA-256: 9ee13f349e3a81279c8c2cacfa71c1b82537f9c4fd1ae0a86d6d2ad1a6ee33f4

CVE-2023-1476

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

CVE-2023-5408

Red Hat Security Advisory 2023-5896-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5896.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.40 bug fix and security update  
Advisory ID:        RHSA-2023:5896-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5896  
Issue date:         2023-10-25  
Revision:           01  
CVE Names:          CVE-2023-44487  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:5898

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2023-44487

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-5896-01

Red Hat Security Advisory 2023-5895-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5895.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.40 security and extras update  
Advisory ID:        RHSA-2023:5895-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5895  
Issue date:         2023-10-25  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:5896

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-5895-01

Red Hat Security Advisory 2023-6059-01 - Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6059.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security updateAdvisory ID:        RHSA-2023:6059-01Product:            Red Hat OpenShift PipelinesAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6059Issue date:         2023-10-23Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Pipelines Client, tkn for the 1.12.1 release, provides a CLI  tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.12.1The tkn CLI tool is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://docs.openshift.com/container-platform/4.13/cli_reference/tkn_cli/installing-tkn.html

Red Hat Security Advisory 2023-6059-01

Red Hat Security Advisory 2023-5679-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.39. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5679.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.39 packages and security update  
Advisory ID:        RHSA-2023:5679-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5679  
Issue date:         2023-10-18  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.39 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.39. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:5677

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2023-5679-01

Red Hat Security Advisory 2023-5775-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5775.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2023:5775-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5775Issue date:         2023-10-17Revision:           01CVE Names:          CVE-2023-3609====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3609References:https://access.redhat.com/security/updates/classification/#important

Tag

#rpm