Issued:: 2023-08-01
Updated:: 2023-08-01

RHSA-2023:4420 - Security Advisory

Overview
Updated Packages

Synopsis

Important: OpenShift Virtualization 4.12.5 RPMs security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Virtualization release 4.12.5 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.12.5 RPMs.

Security Fix(es):

golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Container Native Virtualization 4.12 for RHEL 8 x86_64
Red Hat Container Native Virtualization 4.12 for RHEL 7 x86_64

Fixes

BZ - 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
BZ - 2227593 - Tracker for 4.12.5 RPM

CVEs

CVE-2023-24540

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Container Native Virtualization 4.12 for RHEL 8

SRPM
kubevirt-4.12.5-1189.el8.src.rpm	SHA-256: e9c6ba7c8d41cc2235fbc4c2504820861cdc4021a91e1ebd0ffb64f66b8995f4
x86_64
kubevirt-virtctl-4.12.5-1189.el8.x86_64.rpm	SHA-256: c2be0d26df0cb6a94ce4a93b4107787e5204f3fa0a92bf61bc7b8e76e43dfcf5
kubevirt-virtctl-redistributable-4.12.5-1189.el8.x86_64.rpm	SHA-256: 98c075e68f423edc3f47db47286bd2df3364a6635e85ff92840c56b564385628

Red Hat Container Native Virtualization 4.12 for RHEL 7

SRPM
kubevirt-4.12.5-1189.el7.src.rpm	SHA-256: a3284f9527dc98667d0b6e2bc18c3c11b0b20ca1c4f1bcf51fbded4aa5ab5341
x86_64
kubevirt-virtctl-4.12.5-1189.el7.x86_64.rpm	SHA-256: a338d1fbff1f375be043bf005f2d8537b0b3a3a6a655f5c247955a382a97a616
kubevirt-virtctl-redistributable-4.12.5-1189.el7.x86_64.rpm	SHA-256: 532e45bb18e387dda8731cb043c872e0ec2d59ae2b7578444cd6f46d2b3ff948

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation