Red Hat Product Errata RHSA-2023:6116 - Security Advisory
Issued:
2023-10-25
Updated:
2023-10-25

RHSA-2023:6116 - Security Advisory

Synopsis

Important: OpenShift API for Data Protection (OADP) 1.0.14 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

OpenShift API for Data Protection (OADP) 1.0.14 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • OpenShift API for Data Protection 1 for RHEL 8 x86_64

Fixes

  • BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

x86_64

oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:81866c1022c5753966563d3e7e8f6c52659ec4f44ff16e80abf90b1c205214c6
oadp/oadp-mustgather-rhel8@sha256:47f797fdaa8dd123395d2c24baec6879528b87ed3a4b38ba75529eda9489681e
oadp/oadp-operator-bundle@sha256:d04648c75a3943c17d58e731a1bd9c5b087844933dd541a6f3021090efbd2a8b
oadp/oadp-registry-rhel8@sha256:2f2a0045c09b57f829d329f2bdca336b1b36149376199f0317372c02e008106e
oadp/oadp-rhel8-operator@sha256:2d0182cb70a26416314e18b9df96b2a1153e0321f9918f04b45706ec81f3186b
oadp/oadp-velero-plugin-for-aws-rhel8@sha256:c9bbbcfd7aa37f989db4d82007e1e4934ec0d44a507e527a6a36df2cc4959a5a
oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36a97115bf48ea9fc1a3e9f7a5624d743f1b2e94ad52a6f05da27ebf26e1673b
oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:43c40dee88e38834b1291ef66ad23c63c11fdc192bf288a4691ae15eddddb85a
oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:6d28dd5fbe010143914176e121fc1c6ed935005bc54ef7d8d5fb65e26f72538c
oadp/oadp-velero-plugin-rhel8@sha256:945e16d6a8ab0031dd9fd823524fc5036f05a534008027806a0627adcdc6ba28
oadp/oadp-velero-restic-restore-helper-rhel8@sha256:29db02fcb1fa8339e3fb999d60009e5b78d969fe35609d9702bc20b9dca8c5ea
oadp/oadp-velero-rhel8@sha256:8a7040f970b9d4f69658af2ca419d8d329792e5ae61ad8950706a1a41a98aee0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.