Red Hat Product Errata RHSA-2023:4889 - Security Advisory
Issued:
2023-08-30
Updated:
2023-08-30

RHSA-2023:4889 - Security Advisory

Synopsis

Important: DevWorkspace Operator 0.22 release

Type/Severity

Security Advisory: Important

Topic

Red Hat DevWorkspace Operator 0.22 has been released.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The DevWorkspace Operator extends OpenShift to provide DevWorkspace support.

Security Fix(es):

  • openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat OpenShift Dev Spaces 1.0 x86_64
  • Red Hat CodeReady Workspaces for OpenShift for IBM Power, little endian 1.0 ppc64le
  • Red Hat CodeReady Workspaces for OpenShift for IBM z Systems 1.0 s390x

Fixes

  • BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support
  • CRW-4641 - Release DevWorkspace Operator v0.22

ppc64le

devworkspace/devworkspace-operator-bundle@sha256:d97da395e5370ddfc6bed0a36b0bf4e8923fdc7b281541619a2244554bc22fc5
devworkspace/devworkspace-project-clone-rhel8@sha256:17e535028dea4aeeb6d6709a2fe3abfbc1d2f33709d7e9e216c9e58b5f519a91
devworkspace/devworkspace-rhel8-operator@sha256:2079028c1f40b18bb0b8fdc6f334a54bc15b7487088ca04623a7ef98ef36d9be

s390x

devworkspace/devworkspace-operator-bundle@sha256:c0944468eec87646b3d7702577393e0bde343f892e6abc3202d46e5a3049341d
devworkspace/devworkspace-project-clone-rhel8@sha256:0a602da178432c733b3163c4be21f153ff57971247c13e144f48fb2df4522a5b
devworkspace/devworkspace-rhel8-operator@sha256:2965b996432749b212d7a0437ac29450096fb00bff0a8e90c879da38e91a9a0c

x86_64

devworkspace/devworkspace-operator-bundle@sha256:a185d4573a72c5f4bf0847aa17b6c8efdcc63ce7c4f936018b57c5a024ecf971
devworkspace/devworkspace-project-clone-rhel8@sha256:042ee6de1b850b0fc3f656158c0c0d34d8ba83b5715c8e0eeb71855085fcbe4a
devworkspace/devworkspace-rhel8-operator@sha256:eef32cc05cbfa99bdf7b98a0ca7c53c6412b347a5984e2c4564fa26cefaec471

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.