Issued:: 2023-12-06
Updated:: 2023-12-06

RHSA-2023:7669 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images

Type/Severity

Security Advisory: Moderate

Topic

New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available

Description

New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes.

Users of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

Security Fix(es):

vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815)
bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462)

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Cryostat 2 x86_64

Fixes

BZ - 2209400 - CVE-2023-24815 vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route
BZ - 2215465 - CVE-2023-33201 bouncycastle: potential blind LDAP injection attack using a self-signed certificate
BZ - 2216888 - CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM
JAVAMON-236 - MBean triggers for recordings
JAVAMON-241 - Cryostat/Insights integration
JAVAMON-243 - Support ARM architecture
JAVAMON-313 - Dynamic start/stop of JFR recordings for Cryostat agent
JAVAMON-319 - Harmless ?boot class path mechanism is unsupported? log message

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

aarch64

cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4

cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7

cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98

cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2

cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36

cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b

x86_64

cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7

cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420

cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed

cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f

cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428

cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation