-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Virtualization 4.13.4 security and bug fix update
Advisory ID:       RHSA-2023:5233-01
Product:           OpenShift Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5233
Issue date:        2023-09-19
CVE Names:         CVE-2016-3709 CVE-2022-41723 CVE-2023-1637 
                   CVE-2023-2602 CVE-2023-2603 CVE-2023-3354 
                   CVE-2023-3390 CVE-2023-3610 CVE-2023-3776 
                   CVE-2023-3899 CVE-2023-4004 CVE-2023-4147 
                   CVE-2023-20593 CVE-2023-21102 CVE-2023-30630 
                   CVE-2023-31248 CVE-2023-34969 CVE-2023-35001 
=====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 4.13.4 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.13.4 images.

Security Fix(es):

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK
decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* USB-redirection regression (BZ#2221220)

* DataImportCron DVs do not respond to default storage class being set
(BZ#2232347)

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2221220 - USB-redirection regression
2232347 - DataImportCron DVs do not respond to default storage class being set

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2023-1637
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-3354
https://access.redhat.com/security/cve/CVE-2023-3390
https://access.redhat.com/security/cve/CVE-2023-3610
https://access.redhat.com/security/cve/CVE-2023-3776
https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4004
https://access.redhat.com/security/cve/CVE-2023-4147
https://access.redhat.com/security/cve/CVE-2023-20593
https://access.redhat.com/security/cve/CVE-2023-21102
https://access.redhat.com/security/cve/CVE-2023-30630
https://access.redhat.com/security/cve/CVE-2023-31248
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/cve/CVE-2023-35001
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJlCb4IAAoJENzjgjWX9erETRwP/20c0zxVvSinjKKjZJeDH9hk
W3HPo4mNYJlx9PdBz11Uh3UlwRQAPMvedO9N3NMMGUnvxTNxWWE9Q/LY/PuzDu8n
GHbrLzrVWn4Ok0FxsY5AE9ENgsVz2Mv063+wCdRYpnZy7kVa8K1WH189xRxk+AbK
rDSAz3R7iY1mLy5Rw0MvYy0LbzT9zjteeWaQu94YuFDGEMe7BErWVFC5HX2iZ3js
kXjR4yGZkuLukq1fWdtbEaawIoOVnK3I59aO8gs+FdxVekW8HRJUv8wsTxRmwRUj
7pY+htflv5mY7stSszUg4q7FM4DJ75uCJk7Uw0eak7KSy/qpd69G1g0/SM1dIce9
eq67XN9B9BTU+iBURvJXfg/pn3hAMhXy87gn+r1AY/c3x7kw8SUyNZ7LH1Iw3mXg
Lr+mQCzqu3ybJMX/T6rEOqHiX14yLuk5tpb+FAeuWPHqgINUxiYVpeVwb1Se0JIL
O+61oyYGoHHxuSqazK1EgJPGAhtAwIaA4tQsiUkmY9p435DEdm5bm6mUvfIWn5B/
AkeJou+3Xx0fP0JXVPAfAUGBXoq+NGGs39UlPhcuxvg06JVDmE/MvgMKlYoNHcof
48fL3Hcac8ox92nOjvm/gOntoo7qSRoaAXVCVO0LaqYcdDYBC+eUplZvymdxGp3A
lXMK0Gsk/PAbyVsmL8II
=sU3r
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-5233:01 Moderate: OpenShift Virtualization 4.13.4

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements

Summary

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.13.4 images.
Security Fix(es):
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* USB-redirection regression (BZ#2221220)
* DataImportCron DVs do not respond to default storage class being set (BZ#2232347)



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2023-1637 https://access.redhat.com/security/cve/CVE-2023-2602 https://access.redhat.com/security/cve/CVE-2023-2603 https://access.redhat.com/security/cve/CVE-2023-3354 https://access.redhat.com/security/cve/CVE-2023-3390 https://access.redhat.com/security/cve/CVE-2023-3610 https://access.redhat.com/security/cve/CVE-2023-3776 https://access.redhat.com/security/cve/CVE-2023-3899 https://access.redhat.com/security/cve/CVE-2023-4004 https://access.redhat.com/security/cve/CVE-2023-4147 https://access.redhat.com/security/cve/CVE-2023-20593 https://access.redhat.com/security/cve/CVE-2023-21102 https://access.redhat.com/security/cve/CVE-2023-30630 https://access.redhat.com/security/cve/CVE-2023-31248 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/cve/CVE-2023-35001 https://access.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2023:5233-01
Product: OpenShift Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5233
Issued Date: : 2023-09-19
CVE Names: CVE-2016-3709 CVE-2022-41723 CVE-2023-1637 CVE-2023-2602 CVE-2023-2603 CVE-2023-3354 CVE-2023-3390 CVE-2023-3610 CVE-2023-3776 CVE-2023-3899 CVE-2023-4004 CVE-2023-4147 CVE-2023-20593 CVE-2023-21102 CVE-2023-30630 CVE-2023-31248 CVE-2023-34969 CVE-2023-35001

Topic

Red Hat OpenShift Virtualization release 4.13.4 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

2221220 - USB-redirection regression

2232347 - DataImportCron DVs do not respond to default storage class being set


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved