Red Hat Product Errata RHBA-2024:8280 - Bug Fix Advisory
Issued:
2024-10-21
Updated:
2024-10-21

RHBA-2024:8280 - Bug Fix Advisory

Synopsis

updated Red Hat OpenShift Dev Spaces 3 Containers container images

Type/Severity

Bug Fix Advisory

Topic

Updated Red Hat OpenShift Dev Spaces 3 Containers container images are now available

Description

The Red Hat OpenShift Dev Spaces 3 Containers container images have been updated to address the following security advisory: RHSA-2024:8124 (see References)

Users of Red Hat OpenShift Dev Spaces 3 Containers container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat OpenShift Dev Spaces 3 Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat OpenShift Dev Spaces 3 x86_64

Fixes

  • BZ - 2251025 - CVE-2023-48161 giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function
  • BZ - 2318524 - CVE-2024-21210 JDK: Array indexing integer overflow (8328544)
  • BZ - 2318526 - CVE-2024-21208 JDK: HTTP client improper handling of maxHeaderSize (8328286)
  • BZ - 2318530 - CVE-2024-21217 JDK: Unbounded allocation leads to out-of-memory error (8331446)
  • BZ - 2318534 - CVE-2024-21235 JDK: Integer conversion error leads to incorrect range check (8332644)

ppc64le

devspaces/pluginregistry-rhel8@sha256:dfa8f227da27966953b067a7368c21403dc036830e98b12632a8c34ae7bea7d0
devspaces/server-rhel8@sha256:d886306cadd79749ce9c28b29f1beeaa5644330e1f233edb14b4cd1860f8390a
devspaces/udi-rhel8@sha256:e55385ef89f10cd873ffd6d9513736b4b0ee66f1562b6ded7ff3d4468dc38c0f

s390x

devspaces/pluginregistry-rhel8@sha256:7d1cd1c12ec952bf8e9f7880ce3f22e42b9a988af0ab092485ed49bf2fe4ef69
devspaces/server-rhel8@sha256:db2889e536a727732b54cbd954b501b5a1b2ea9ef508ba3c7759fb7e60448138
devspaces/udi-rhel8@sha256:b95c8696a140603d3d9d7b34c1b9e4a9903b6b7c886fd44d735b92d9a1cb3e19

x86_64

devspaces/pluginregistry-rhel8@sha256:64e3c347269aa978d70d5076c6eaa19584d2b3d6f5fedbe8dafe8b41cb0a2fd6
devspaces/server-rhel8@sha256:bd220b65f49cd6f83201088dd0ea9db7939337267ba8365e52c54892ab2db79f
devspaces/udi-rhel8@sha256:13b735e0791211f4c1ed951fcff8d9342aa82a4c5c023faee1fe698754f9df67

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.