Issued:: 2023-11-01
Updated:: 2023-11-01

RHSA-2023:6243 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openshift-gitops-kam security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

TODO: add package description

Security Fix(es):

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenShift GitOps 1.10 x86_64
Red Hat OpenShift GitOps for IBM Power, little endian 1.10 ppc64le
Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.10 s390x
Red Hat OpenShift GitOps for ARM 64 1.10 aarch64

Fixes

BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

CVEs

CVE-2023-39325

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift GitOps 1.10

SRPM
openshift-gitops-kam-1.10.1-22.el8.src.rpm	SHA-256: e97900002805de6c7f469950bfa11302575de5e5a407f480020fc1d014dc8e8d
x86_64
openshift-gitops-kam-1.10.1-22.el8.x86_64.rpm	SHA-256: 20398573ec2c476463ccf2b3cfa879eab3b3b7add6d56e2a92223480e23ac4ca
openshift-gitops-kam-redistributable-1.10.1-22.el8.x86_64.rpm	SHA-256: 2832605295af14cb32a0a613998bc9c32b7adfccfdab19dc3b22ee82d22b9ae5

Red Hat OpenShift GitOps for IBM Power, little endian 1.10

SRPM
openshift-gitops-kam-1.10.1-22.el8.src.rpm	SHA-256: e97900002805de6c7f469950bfa11302575de5e5a407f480020fc1d014dc8e8d
ppc64le
openshift-gitops-kam-1.10.1-22.el8.ppc64le.rpm	SHA-256: 730cae3b04371c33a90196ac89bcbe4477c254cc53d564b42abd9eca75787b03

Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.10

SRPM
openshift-gitops-kam-1.10.1-22.el8.src.rpm	SHA-256: e97900002805de6c7f469950bfa11302575de5e5a407f480020fc1d014dc8e8d
s390x
openshift-gitops-kam-1.10.1-22.el8.s390x.rpm	SHA-256: b9b3a8380575da2d86e9707a057b9243191ea28e892bef874ae60b12920096d2

Red Hat OpenShift GitOps for ARM 64 1.10

SRPM
openshift-gitops-kam-1.10.1-22.el8.src.rpm	SHA-256: e97900002805de6c7f469950bfa11302575de5e5a407f480020fc1d014dc8e8d
aarch64
openshift-gitops-kam-1.10.1-22.el8.aarch64.rpm	SHA-256: 57bc33a9e5b6d770c1b8f58ab4aa09b302ceb68bc379383ec782d745de2ffbcf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation