- Issued:
- 2023-10-25
- Updated:
- 2023-10-25
RHSA-2023:6118 - Security Advisory
Synopsis
Important: OpenShift API for Data Protection security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for OADP-1.2-RHEL-8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Security Fix(es):
- golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- OpenShift API for Data Protection 1 for RHEL 8 x86_64
- OpenShift API for Data Protection for ARM 64 1 for RHEL 8 aarch64
- OpenShift API for Data Protection for IBM Power, little endian 1 for RHEL 8 ppc64le
- OpenShift API for Data Protection for IBM Z and LinuxONE 1 for RHEL 8 s390x
Fixes
- BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
- BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
aarch64
| oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d79146d04177eda5ccc777815932fda586542cf53e88d2069b980d14a3bccfa8 |
| oadp/oadp-mustgather-rhel8@sha256:4410001b038f57f2b53a0aa8a7187db960410a3e6091b4923c0b1924d3ce2592 |
| oadp/oadp-operator-bundle@sha256:dea1e97ee88949b9692f2077f4769b214031366f72f392cd89f85c0c7dcfffd2 |
| oadp/oadp-rhel8-operator@sha256:4628ec389b445fae40227657c9b1b6330fae7a9a76cf80798c4c7f74181050f9 |
| oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2118e62fcd7dfe8e65b0b1e9df909da3a6317137d2097f4c4ac335c80aefdfc |
| oadp/oadp-velero-plugin-for-csi-rhel8@sha256:d5e564b3d10e44ae21a66f1cbe877b23f55ab397328f4bd168fb4340bbb1569d |
| oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:09426f08a141993d299b940acf33c1065deba4f6bdf9d93db2496cdb043d2f8d |
| oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:934290eeb999c5cbf67ff7d306299cc1c54db613e148cea14489db94ca0c3295 |
| oadp/oadp-velero-plugin-for-vsm-rhel8@sha256:a7faed6579c5d1f8ff56f18889abd458e6c359a1fd038b86d6bb078cecc3d990 |
| oadp/oadp-velero-plugin-rhel8@sha256:9615a84312443cd9b090d51f6dd132b526e58b962c00ac8475a41ad764fa35a0 |
| oadp/oadp-velero-restic-restore-helper-rhel8@sha256:c34c2a171210bc35bef35c783e9d3989e9426ec00e87c3040c5e5de808e1e90e |
| oadp/oadp-velero-rhel8@sha256:e2e8e59932a0b8db365458347161fdd0589c2a533d3eb9b68330b7d3c64af363 |
| oadp/oadp-volume-snapshot-mover-rhel8@sha256:80a01ef4f6e44980e755f6939dc00252bd7274c9d13792dfa80f15423806f277 |
ppc64le
| oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d98265aa2ddfe8a051e6e332f450ae4007e5f719eb456b2db582fe095f7cb88a |
| oadp/oadp-mustgather-rhel8@sha256:e712baa2a2a94afc004397d10fc6f65334dc3a4c547a97ecea5dc96247d28d4f |
| oadp/oadp-operator-bundle@sha256:42d3bb0d645e427380af3f100307fb1aace330ed107a35961d30e2f3a1ded213 |
| oadp/oadp-rhel8-operator@sha256:7572bcc6b877c605805601dca3a6daf8c74b4c82defff9d53dd4173abad84e85 |
| oadp/oadp-velero-plugin-for-aws-rhel8@sha256:64777c17edf16c46a0519a6a3a479e2004da580f5f1b9987d3464894cdc3d621 |
| oadp/oadp-velero-plugin-for-csi-rhel8@sha256:fbc5a4985c0cdf01f6b4aa0d2c9e516f7da8f6a5a6e5e795076e3f710333bb67 |
| oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:da7601aa767656db6edea1eac57f8a891eebbf74155c395b569e2d4ff5d81269 |
| oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:782f4fdab3ad3507e50ad2d77bc3517c3eb74670909ffbea0a0b913c895c69f5 |
| oadp/oadp-velero-plugin-for-vsm-rhel8@sha256:c29da97ce94aff1b538072d27d58ed65a2db5caf5f079f837c949fa866b53eaa |
| oadp/oadp-velero-plugin-rhel8@sha256:a5d985fb6042a03fa996552e43b7734de7f82a05bd69627412ba9350d0a0d318 |
| oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d234e14c2c5789d9d00dc64d8b67d699517c647b05f7190aeb624cd21a5cca8c |
| oadp/oadp-velero-rhel8@sha256:ee41521bcac4206c966bc054416c92f14c240a1ef488ce4b126a8478d45966cc |
| oadp/oadp-volume-snapshot-mover-rhel8@sha256:d1f8e31d8ab726c672f3c53044aa7b563735686968ef0b95686c54171c3faf22 |
s390x
| oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:e2cecef9337f9aba8285a8d917e5cf75e24d93d44197578f93a497eed309d94a |
| oadp/oadp-mustgather-rhel8@sha256:5220e6df18cb18dc2d566bae6b49ced636d9627a111f7bb042ebab3eb0372754 |
| oadp/oadp-operator-bundle@sha256:912b4769343594442f2eee159d52a61ff72a559628b57002cc9fedf7fab7d992 |
| oadp/oadp-rhel8-operator@sha256:f1ca2345c320ccef8c1336e2b4caba0c97e6d455e9f1c70cfb921b07d26e9024 |
| oadp/oadp-velero-plugin-for-aws-rhel8@sha256:6876a1fbf67f9b91ef0cd8442ed56a2b3be79daca4f30ab583c4e95b6179b935 |
| oadp/oadp-velero-plugin-for-csi-rhel8@sha256:8ad05b4f05a94234566276f923ac3ef40ecc17d9e4d05821851b20e381d57bae |
| oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:3613dc6e2c0b94095d30deae7009f05245f55b01b8caea791d99f8492d751b96 |
| oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:44861c3facde9c65e656ae68a8ec6c8871252d6d7e585c37743f0625e4ca7d45 |
| oadp/oadp-velero-plugin-for-vsm-rhel8@sha256:871dbeefc4f519a91948a3ab7c2e2fddc4d3f69d18a84a1a18856e0ac291eccb |
| oadp/oadp-velero-plugin-rhel8@sha256:ea6fe5af28e3c79f2545b46c1639ae5e54e3845a5df2624955a7339511982479 |
| oadp/oadp-velero-restic-restore-helper-rhel8@sha256:982c9120f45add7a8832505823da117a054a79913f0c2811efde3b0349f5a79e |
| oadp/oadp-velero-rhel8@sha256:3d842994b0247323a38ff8c8fe943033e63b05bdc91ae17f222847e0ac11c353 |
| oadp/oadp-volume-snapshot-mover-rhel8@sha256:4a519c0df406c04c1b03a3a88ed075fb6815f0d43fe5d364f006aaf25074c12b |
x86_64
| oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1eba8b3a26d43f2946391817f37cdd8c64415f65108acdfeba66ef9cfebcf0e0 |
| oadp/oadp-mustgather-rhel8@sha256:7d66d863ae6c46e1701ed0c55a7ebd5eaba3d0a330fed5dcbdde5d5f0c5c889d |
| oadp/oadp-operator-bundle@sha256:22d1ac29ae9c3b35e4f850cf26cdcbdf61d5630a1a9aeed079c2dc8f46bb7434 |
| oadp/oadp-rhel8-operator@sha256:d610d59b4d11ca019611a80ff929cea304a333c78ae8339a8c24628daa97ccdb |
| oadp/oadp-velero-plugin-for-aws-rhel8@sha256:81072079708e5808b6a73d8ad9fa6838680a90565a64eed263dfac62eb074f32 |
| oadp/oadp-velero-plugin-for-csi-rhel8@sha256:166cc137856090465797a03844a1ce0c7c5b315917264d1a3c570ff8630c097f |
| oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:31e7cdd4e0965814bfa1a5e07047e3b7ed4953c11bdd0b5adadf493d9b54b534 |
| oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:d75d79f906c5385cfd85777780eb85a1750b76b09125d5d6bbb963f8e160ebe2 |
| oadp/oadp-velero-plugin-for-vsm-rhel8@sha256:7131005d74a60827511929b9a029b1e1b16284fd90d19e8fdf626fad02d65a45 |
| oadp/oadp-velero-plugin-rhel8@sha256:017ae58a715980dfc2b32aa9d1865a7786991ab86a8c17880d142d43fe5188dd |
| oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66fde1bc2e17380cff5503c81cc0b1e4912c310d4c778d7d3b76835fd1aaf45d |
| oadp/oadp-velero-rhel8@sha256:f44e0b13bbfeb73b64f9e7407a81c4ca0bbe783442dd0d29abb12e02e1bd7b8f |
| oadp/oadp-volume-snapshot-mover-rhel8@sha256:41726661a3574000106c13ee6d8c24745dfc53775aea3a7a4bc60e45e3f3968b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
