{"id":45410,"date":"2023-07-21T20:12:24","date_gmt":"2023-07-21T16:12:24","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/173668\/RHSA-2023-4238-01.txt"},"modified":"2023-07-22T10:43:33","modified_gmt":"2023-07-22T06:13:33","slug":"red-hat-security-advisory-2023-4238-01","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/red-hat-security-advisory-2023-4238-01\/","title":{"rendered":"Red Hat Security Advisory 2023-4238-01"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n

=====================================================================
\nRed Hat Security Advisory<\/p>\n

Synopsis: Moderate: Red Hat OpenShift Data Foundation 4.11.9 security and bug fix update
\nAdvisory ID: RHSA-2023:4238-01
\nProduct: Red Hat OpenShift Data Foundation
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2023:4238
\nIssue date: 2023-07-20
\nCVE Names: CVE-2020-24736 CVE-2022-2795 CVE-2022-36227
\nCVE-2022-40023 CVE-2023-1667 CVE-2023-2283
\nCVE-2023-2491 CVE-2023-3089 CVE-2023-24329
\nCVE-2023-26604 CVE-2023-27535
\n=====================================================================<\/p>\n

1. Summary:<\/p>\n

Updated images that fix several bugs are now available for Red Hat
\nOpenShift Data Foundation 4.11.9 on Red Hat Enterprise Linux 8 from Red Hat
\nContainer Registry.<\/p>\n

Red Hat Product Security has rated this update as having a security impact
\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n

2. Description:<\/p>\n

Red Hat OpenShift Data Foundation is software-defined storage integrated
\nwith and optimized for the Red Hat OpenShift Data Foundation. Red Hat
\nOpenShift Data Foundation is a highly scalable, production-grade persistent
\nstorage for stateful applications running in the Red Hat OpenShift
\nContainer Platform. In addition to persistent storage, Red Hat OpenShift
\nData Foundation provisions a multi-cloud data management service with an
\nS3-compatible API.<\/p>\n

Security Fix(es):<\/p>\n

* openshift: OCP & FIPS mode (CVE-2023-3089)<\/p>\n

For more details about the security issue(s), including the impact, a CVSS
\nscore, acknowledgments, and other related information, refer to the CVE
\npage(s) listed in the References section.<\/p>\n

Bug Fix(es):<\/p>\n

* [Backport-4.11.z][KMS][VAULT] Storage cluster remains in ‘Progressing’
\nstate during deployment with storage class encryption, despite all pods
\nbeing up and running. (BZ#2209254)<\/p>\n

* Set \u200b\u200bmaxOpenShiftVersion to block OpenShift that didn’t upgrade ODF
\nversion (BZ#2213451)<\/p>\n

All users of Red Hat OpenShift Data Foundation are advised to upgrade to
\nthese updated images, which provide these bug fixes.<\/p>\n

3. Solution:<\/p>\n

For details on how to apply this update, which includes the changes
\ndescribed in this advisory, refer to:<\/p>\n

https:\/\/access.redhat.com\/articles\/11258<\/p>\n

4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n

2209254 – [Backport-4.11.z][KMS][VAULT] Storage cluster remains in ‘Progressing’ state during deployment with storage class encryption, despite all pods being up and running.
\n2211594 – [ODF 4.11] [GSS] unknown parameter name “FORCE_OSD_REMOVAL”
\n2212085 – CVE-2023-3089 openshift: OCP & FIPS mode
\n2213451 – Set ??maxOpenShiftVersion to block OpenShift that didn’t upgrade ODF version
\n2224268 – [Major Incident] CVE-2023-3089 mcg-operator-container: openshift: OCP & FIPS mode [openshift-data-foundation-4.11]\n

5. References:<\/p>\n

https:\/\/access.redhat.com\/security\/cve\/CVE-2020-24736
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-2795
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-36227
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-40023
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-1667
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-2283
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-2491
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-3089
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-24329
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-26604
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-27535
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate
\nhttps:\/\/access.redhat.com\/security\/vulnerabilities\/RHSB-2023-001<\/p>\n

6. Contact:<\/p>\n

The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n

Copyright 2023 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n

iQIcBAEBCAAGBQJkuYUSAAoJENzjgjWX9erEHFUP\/Aoi+Jf\/yfXTimePl9G7nYHh
\nOCmC\/5nLd2eHzI2zvvJi\/1OOsHn6gNESbmDA8L\/eWpUnUaw3rCqJA+uSWmHxqOs8
\nJC\/nUQSNpZ4qBr6dY+srckbvEW68xliPD7ypcIe0VTl+d9vmWmcQ3OraUygGydUA
\nuGHKS16\/8VUK7wpca2A49bUMfIqWVCEOjYpsOX1tXmRfMKxowZ8cz+gTIR3iEGb9
\nTE9zx6ZOGzC75NoLStbgdmgCypLIKkVrrPV61vI6Ux\/hEEKp2a7tdtMEyaS7oh2q
\nlAm\/WV6oyvGZinUZ8Oy95erNGq8aoS7XKrskkqAiRYempFeEf02haBEyB0ocqAH\/
\n8vO1QtkzTWawNjkYYi8XS+HN6WawUHXPdl6Au0MFbeTQf9HfEiWkL369PNVo\/1m3
\n8rPZbbxi7hqQrJGdlFCh91DQXqWp+tcKBgGW0ybALI2dQe+QQhyOV56xSkd1Q4Xk
\n6ytK2Mm493eqZRc6yQApCChyggRO3TfHs+JGAE4tKXmmIlPwFosd\/6dpjzwMDB1D
\nDd8iHrkYjG4+\/mErMJZAc0NJsohr7yYkmJuzs2NI\/\/RThy3RtivdnpPTkEQJwpvN
\noM9xyvoli9BqnH6ec3asWops2Z5TNhlmc71fcf2nXCP8U4vjK7lKlPtUSL8KGGGY
\npHZiOudZ33xTkcgYgNGn
\n=s5RK
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Data Foundation 4.11.9 security and bug fix update Advisory ID: RHSA-2023:4238-01 Product: Red Hat OpenShift Data Foundation Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2023:4238 Issue date: 2023-07-20 CVE Names: CVE-2020-24736 CVE-2022-2795 CVE-2022-36227 CVE-2022-40023 CVE-2023-1667 CVE-2023-2283 CVE-2023-2491 CVE-2023-3089 CVE-2023-24329 CVE-2023-26604 CVE-2023-27535 ===================================================================== 1. Summary: …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45410","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45410"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45410\/revisions"}],"predecessor-version":[{"id":45434,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45410\/revisions\/45434"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}