Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2023:2728 - Security Advisory
Issued:
2023-05-10
Updated:
2023-05-10

RHSA-2023:2728 - Security Advisory

  • Overview
  • Updated Images

Synopsis

Moderate: Red Hat OpenShift Distributed Tracing 2.8.0 security update

Type/Severity

Security Advisory: Moderate

Topic

Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now
available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Red Hat OpenShift Distributed Tracing 2.8 container images have been updated. CVE-2022-41717 was fixed as part of this release.

Users of Red Hat OpenShift Distributed Tracing 2.8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements.

Tempo Operator added as Tech Preview.

You can find images updated by this advisory in Red Hat Container Catalog (see
References).

Security Fix(es):

  • golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat OpenShift distributed tracing 2 x86_64
  • Red Hat OpenShift distributed tracing for Power, little endian 2 ppc64le
  • Red Hat OpenShift distributed tracing for IBM Z and LinuxONE 2 s390x

Fixes

  • BZ - 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

CVEs

  • CVE-2022-41717
  • CVE-2023-0361

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/containers

ppc64le

rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2
rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d
rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31
rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b
rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2
rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8
rhosdt/jaeger-operator-bundle@sha256:c5984c02730264eebba1988130ac3f1107b7b27b9a4bfd6801d3295554514504
rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e
rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e
rhosdt/opa-openshift-rhosdt-rhel8@sha256:f982e0dbc460565f37ec773ef49873e431cbc21a180488d50dd1991b6117f8c6
rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936
rhosdt/opentelemetry-operator-bundle@sha256:7909ea7d7da0568077e296b92bb7baa560bd337aa29903d52b3986814856688a
rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499
rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45
rhosdt/tempo-operator-bundle@sha256:84939add25bc2ac7ac329987c8742e758a33c2e7fe367a400d574787e7adc0f6
rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a
rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052
rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8

s390x

rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149
rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b
rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de
rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534
rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1
rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394
rhosdt/jaeger-operator-bundle@sha256:37749952282a8d451c0b9e26b23fe226fc08a1214cb9b2236382b7460d3bfb5e
rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17
rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9
rhosdt/opa-openshift-rhosdt-rhel8@sha256:0f134b1b26a5f27009777d7279872871d8072b0343c05a376425fddeb5cca359
rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6
rhosdt/opentelemetry-operator-bundle@sha256:a8653e4a1642fd364077c9eb6436cf4949d4e8785d9260710aa44de6ef7ff8b0
rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad
rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b
rhosdt/tempo-operator-bundle@sha256:4939ba02f0c4b550ac9bd5a6bb882248606a763ad95de5915ca170cf4cf95759
rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2
rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c
rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4

x86_64

rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25
rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e
rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c
rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5
rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004
rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049
rhosdt/jaeger-operator-bundle@sha256:195b7fc980c05ae95965012817ab824fcb6c18c7c7873accc4198875c1df096f
rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5
rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751
rhosdt/opa-openshift-rhosdt-rhel8@sha256:ee803ea21b800c4185e097f30834be99daf2071d01782098adffaee9fe2d69dc
rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244
rhosdt/opentelemetry-operator-bundle@sha256:202ee7fa0a4ec49d6982c62a322dcfb5994984a3e8382cc2ff56806f65ed2070
rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033
rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b
rhosdt/tempo-operator-bundle@sha256:ff86c632e7eadeae0c2f50f7b9ef1d5cb2d05ed69ec618494bf164a980a5c54e
rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28
rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e
rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our <a href='http://www.redhat.com/en/about/privacy-policy' class='privacy-policy'>Privacy Statement</a> effective September 15, 2023.
Red Hat Summit Red Hat Summit
Twitter