Issued:: 2023-07-27
Updated:: 2023-07-27

RHSA-2023:4289 - Security Advisory

Overview
Updated Images

Synopsis

Important: OpenShift API for Data Protection (OADP) 1.0.11 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

OpenShift API for Data Protection (OADP) 1.0.11 is now available.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

OpenShift API for Data Protection 1 for RHEL 8 x86_64

Fixes

BZ - 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
OADP-1504 - oadp-1.0: Restoring pod using image from openshift build randomly ImagePullBackoff

CVEs

References

https://access.redhat.com/security/updates/classification/#important

x86_64

oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651

oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f

oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8

oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd

oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de

oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995

oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a

oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0

oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d

oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9

oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485

oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation