Issued:: 2023-10-20
Updated:: 2023-10-20

RHSA-2023:5969 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat OpenStack Platform 17.1.1 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenStack Platform 17.1.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The etcd packages provide a highly available key-value store for shared configuration.

Security Fix(es):

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 17.1 for RHEL 9 x86_64

Fixes

BZ - 2228743 - CVE-2023-29409 golang: crypto/tls: slow verification of certificate chains containing large RSA keys
BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 17.1 for RHEL 9

SRPM
collectd-libpod-stats-1.0.5-6.el9ost.src.rpm	SHA-256: 1cbc92dd079e77576525eafa4fc49ae0d245dc7ab77ba259f18c14c4ad527cbb
etcd-3.4.26-3.el9ost.src.rpm	SHA-256: ad2162db080dc534bc59d0df091519913371fd9cdf675ff19abc410f18f897ec
python-octavia-tests-tempest-1.9.0-1.20230509101018.el9ost.src.rpm	SHA-256: 71f933f3e2212a2485249dc8fa3886ec064653f8b37ded033cb9edf61bba3d29
x86_64
collectd-libpod-stats-1.0.5-6.el9ost.x86_64.rpm	SHA-256: 66e7feaa18595873713108a6d892bea6b86ea373efaec4c09af4cc7d842a71f6
etcd-3.4.26-3.el9ost.x86_64.rpm	SHA-256: 451f97b53aa9c126a17098da2459dc70041d82af282cf43d6351c79bbb40a690
etcd-debuginfo-3.4.26-3.el9ost.x86_64.rpm	SHA-256: 1c779b6345253a3f2cf0e5e794d43b20bfec64fe3a869f0e0ee6ca893c4cdec7
etcd-debugsource-3.4.26-3.el9ost.x86_64.rpm	SHA-256: 5290a9e41d77fbd2f667a80ccefbb7ed38b6d15e7540dfba76a804d26f3f23ce
python-octavia-tests-tempest-debugsource-1.9.0-1.20230509101018.el9ost.x86_64.rpm	SHA-256: f34aabfe267d587c7fbdebcb444dd4acefd40ee12103dd210d9c4f14e27bdbe6
python3-octavia-tests-tempest-1.9.0-1.20230509101018.el9ost.noarch.rpm	SHA-256: f614c827a390ce520475253137486fc240dbcd60cb14f395eb0a9fc6814d5d34
python3-octavia-tests-tempest-golang-1.9.0-1.20230509101018.el9ost.x86_64.rpm	SHA-256: a2ca55e024c03d590b1f3bf31dd2e949fd6ac2294460ce4ab3193d33dd91f01d
python3-octavia-tests-tempest-golang-debuginfo-1.9.0-1.20230509101018.el9ost.x86_64.rpm	SHA-256: 638ddd7e0313072e204a54a9150634e33fa59972dfd584d5b40a5345a593e3e0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation