Red Hat Product Errata RHSA-2024:1434 - Security Advisory
Issued:
2024-03-20
Updated:
2024-03-20

RHSA-2024:1434 - Security Advisory

Synopsis

Moderate: Red Hat OpenShift distributed tracing 3.1.1 operator/operand containers

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift distributed tracing 3.1.1.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Release of Red Hat OpenShift distributed tracing provides these changes:

Security Fix(es):

  • golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift distributed tracing 3 x86_64
  • Red Hat OpenShift distributed tracing for Power, little endian 3 ppc64le
  • Red Hat OpenShift distributed tracing for IBM Z and LinuxONE 3 s390x
  • Red Hat OpenShift distributed tracing for ARM 3 aarch64

Fixes

  • BZ - 2253330 - CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

aarch64

rhosdt/jaeger-agent-rhel8@sha256:f8dd7e99597745e893e34d830241c8b469471b66d53e43e47de70daa8d382631
rhosdt/jaeger-all-in-one-rhel8@sha256:f38b52f9153fa22513f8ec801354ae4b6ac88ad6d483f17953536e65a19bd918
rhosdt/jaeger-collector-rhel8@sha256:dc061834866408bf3e9cc6e91210ce69846a92a260b1e89a7c9262a110fb3cac
rhosdt/jaeger-es-index-cleaner-rhel8@sha256:00fbad682a3c18ccf42baa6f5870c157a7c7de357f1d47c85fb5e3e4b17aaedd
rhosdt/jaeger-es-rollover-rhel8@sha256:a927666fa3475220832dd29fcc91a9227beb3452d6fb81a4b6000c02ebf643a9
rhosdt/jaeger-ingester-rhel8@sha256:90c812ddc5faa0fa1e343b74488da5edf312fc6501f0f404413e1c1dfa1a631d
rhosdt/jaeger-operator-bundle@sha256:e6fafe248ec479d6746df51920e67ea79f7f52173650af4e828b74188528c527
rhosdt/jaeger-query-rhel8@sha256:1d7e919e2f98cd6dc2b1ad0c5056af4c7bfabcdceece467cad18d5e022360038
rhosdt/jaeger-rhel8-operator@sha256:6abd04f549d046965ccbad1d7fede9140a203293dfb70fb2d9a08970d81b0ca5
rhosdt/opentelemetry-collector-rhel8@sha256:cbf36a514929605c91e039055a624739cd674de9605f1abf9abd62e691e691f4
rhosdt/opentelemetry-operator-bundle@sha256:c46db4b872b9376389d8ef7f81b94911db3e9c2244e9bea1bf2f626c3033ef51
rhosdt/opentelemetry-rhel8-operator@sha256:d6de213af29eb5062a05cc738abfef7e7eb8b9c7b76e7709b36ace8811570758
rhosdt/opentelemetry-target-allocator-rhel8@sha256:17fa7c491fb0f5d7ff93432960923c20b42e9049f1416678b531c3399f2ebfe6
rhosdt/tempo-gateway-opa-rhel8@sha256:72d6e4b8abd5309af4f34f1255e629ed724bacc5cb89f65ef4fe532b8355809d
rhosdt/tempo-gateway-rhel8@sha256:ee5b5a6fccf539decbecc3842e792a3e6b13447b8cd99ffb80fa96fa50d9f0fb
rhosdt/tempo-operator-bundle@sha256:bf115775caceda8c36779a2f5adac01cfd3248e2df9d81879b1b71b6b1042195
rhosdt/tempo-query-rhel8@sha256:c6b61921d30dd28e57ee13fb4b3a432e3183e0b1e4ba9bf9351bf68e6940ce24
rhosdt/tempo-rhel8@sha256:88b5a28b2765d6473e14695f60427c6ad49279592fa3c9475ce6f6a762fa8c19
rhosdt/tempo-rhel8-operator@sha256:e023c366f7e8dc5916d985e7c4fa8531c3b1838687a04132a6892f12d855400e

ppc64le

rhosdt/jaeger-agent-rhel8@sha256:89bc94cdd7e1133d0dd40ce03b2e8a4482668891f357c067a02fa87b6b60573b
rhosdt/jaeger-all-in-one-rhel8@sha256:2b6ec1b22e1f2410d8864d7f9c0d9d3db6a708e41ef1b7b6915c70ab91b68e50
rhosdt/jaeger-collector-rhel8@sha256:2d45797b4a5105e540694f7dc522e56af71c3ac28049d7596c917252f82e6623
rhosdt/jaeger-es-index-cleaner-rhel8@sha256:30a71079fd7f4351ec0fa7243bd5ea1296df76500fb87b26a2d6bc2efe08588c
rhosdt/jaeger-es-rollover-rhel8@sha256:b3ba030b0eb51c955ffcbc2917efa4d6187c20ff33c3ff156329d4c72ebb9a00
rhosdt/jaeger-ingester-rhel8@sha256:11f1b766cc585802e13760ce998c3485f2550c65517d1ffd704067251759643c
rhosdt/jaeger-operator-bundle@sha256:7c2ef6323b63f537eb2d9d13865ca5eabc09b469741f8178cd96cd01190523fe
rhosdt/jaeger-query-rhel8@sha256:d92be264e945c8076d9698e1df760a7d0e17fa2e91a720a28de7ef6a6bbb0ea0
rhosdt/jaeger-rhel8-operator@sha256:698b19551f5adec4f12d6949e010f6f9266688a232b10820440a579f831d8e54
rhosdt/opentelemetry-collector-rhel8@sha256:06f308b4b4e30915830a470055d465af315a6de111de2c672edcb38729b66e2b
rhosdt/opentelemetry-operator-bundle@sha256:68b9f50b91597e2666092966a8efb5e64e38f92025a9bd93e0b3305c5b361987
rhosdt/opentelemetry-rhel8-operator@sha256:718f68c62796a29071ff52e7a08ecf7a4d7eaf8e0329c2f3be060660158c30ce
rhosdt/opentelemetry-target-allocator-rhel8@sha256:41d7a3ce12250aee729507b9ff7fed434cf1b6b760fef508e02579c900bc7ee4
rhosdt/tempo-gateway-opa-rhel8@sha256:e68cb0cef4542fc878173b61b677bec93773b0ac97be42ed0a2f5aa094dd0bca
rhosdt/tempo-gateway-rhel8@sha256:979a886ff8f21da3ae09a097d990aa664141f70132cde334bc40c7a37652be97
rhosdt/tempo-operator-bundle@sha256:2a341dc99a8e70089f24492a16e569a0f443e9607584254fb5df54c9be66eeb9
rhosdt/tempo-query-rhel8@sha256:4457af5a51bc11ed7c3f8469e103f16903a135d8c8125f81f22379ada37fabfb
rhosdt/tempo-rhel8@sha256:96c9d68e9241543115fafdba1aba4d422438db47076dd6246fc1037fe4b43189
rhosdt/tempo-rhel8-operator@sha256:86d2d5c92adb0ba5a437a2fbf90c10fb40d2a4beff2e0045f4d46f2bdcc27286

s390x

rhosdt/jaeger-agent-rhel8@sha256:debe5d16c0bdd9ed8928ffef377182b84bd77b6df40a5483c9609def2c8e5f53
rhosdt/jaeger-all-in-one-rhel8@sha256:87978a2f333c03e58e597e22cd07572d85ebb7ab08e6bb1b69195ae5301a50bf
rhosdt/jaeger-collector-rhel8@sha256:56407863d57cfdc5bed923ccfedfad6635c2391834f7640daf6dcefbbe84e05b
rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c930aeaa8c319590b65a2ae4b16f8db9c2b5df9ccb4ace21b4c1b59e0deffd54
rhosdt/jaeger-es-rollover-rhel8@sha256:4aa09887b1fc79b1700f77c8f2401920d04c717e22e1226daa1ec9e1b3d805d2
rhosdt/jaeger-ingester-rhel8@sha256:ff93c61f44943a07cc749086cf1b6346a93207ee6ad6d75e48c329d7870ab552
rhosdt/jaeger-operator-bundle@sha256:36bfcba4c3c3ba68ef04877bcf18a970e9f27451a59f306b7cb3c47b991a9450
rhosdt/jaeger-query-rhel8@sha256:47194294b5cef33c81130a6bd93d3e5fdf3e486dc5d22f6a245a89cfb1ba01e2
rhosdt/jaeger-rhel8-operator@sha256:01d5fb68b37523e1d22ddaf3e7f09a38d0d71696f013cebfa075d15ec1bbda3e
rhosdt/opentelemetry-collector-rhel8@sha256:b6ed8eb39212d4d36c3f75e4b0f58147a2746b3b7726e1bb0cec30389bbec353
rhosdt/opentelemetry-operator-bundle@sha256:1ca9b744825e3286b613549cb7c200838f036af77169f010dc4a74dcaaeca408
rhosdt/opentelemetry-rhel8-operator@sha256:1347560c75cd8c49a1b1c9da8ecbff32280a8c30f793621219bc68c107d74434
rhosdt/opentelemetry-target-allocator-rhel8@sha256:0f585e4e119d3c26a8ffc6be0462175912ac4cac1bf7ac5036633af8f3f85099
rhosdt/tempo-gateway-opa-rhel8@sha256:95812e38fb8b2958d8874794fd691dfe13a86381dc1113ba935f1a1673491744
rhosdt/tempo-gateway-rhel8@sha256:3f1165a86e6dcac8796ba72ca3b8147794daa573aa511c501fb5ecfa82bef39d
rhosdt/tempo-operator-bundle@sha256:36ecd8fb56821bfaec71a731eb49919b082d1dadd3b3dbeebd744919e60c7bab
rhosdt/tempo-query-rhel8@sha256:fba3d293954740ca64a2c85fe89989fcb5784ee5e31a0c5588ecbfd9ff1c2c08
rhosdt/tempo-rhel8@sha256:2c648f326bd79e83fee50793623866c3ab0871118c2e23c3da7f039976c4009b
rhosdt/tempo-rhel8-operator@sha256:1ec1e6f748fd5e76441617f804f2e84e38b403dd0497524c166fc9bc287bb1cd

x86_64

rhosdt/jaeger-agent-rhel8@sha256:c1e99baadd03e3bc7ee37931eead320870ffbde5b1043a96fbefee2e21ec760e
rhosdt/jaeger-all-in-one-rhel8@sha256:3be0995542a08f2d27407eeb2c63fbb28da756b35301e4773927b14dd39c650f
rhosdt/jaeger-collector-rhel8@sha256:245727341fbb6991f7576a4f5e840840fdee47ae7825e7ebe1aa5420f2b8e6ba
rhosdt/jaeger-es-index-cleaner-rhel8@sha256:905a600cf68d13a86a0806a386ad5f68fb3d7919ed5088e962085f3a5af9f6f9
rhosdt/jaeger-es-rollover-rhel8@sha256:ce28418d27e800c125710d892e8658ddd70d0b216572d96334a509204e7be827
rhosdt/jaeger-ingester-rhel8@sha256:77cbd16fe4e867ed36a50e6273369485a10368472ceff1e31dff88768a008373
rhosdt/jaeger-operator-bundle@sha256:ddb687858a34d38d9ca8610d489fb21bdae4942008f3d2aeb4bc6186ee404a03
rhosdt/jaeger-query-rhel8@sha256:bd4cba73076c978cf88313a0ab6b893b5a6b08fcd466f68e5e4484ca938070cf
rhosdt/jaeger-rhel8-operator@sha256:6d4e48d53c17dee3a8c509763001fb3ef9d98520abb625b0bfaeae17950a1f25
rhosdt/opentelemetry-collector-rhel8@sha256:089e6159bf124ce3514ce83d0708795ffa688fea53f695103b11fd312be7f9c6
rhosdt/opentelemetry-operator-bundle@sha256:a0fefcdad179cb5555feacfbc226354969258925c9b9259d13fd6959a77a4884
rhosdt/opentelemetry-rhel8-operator@sha256:6f87bce25fc2a58f58202837db08031d9f8efe580205de0f4ec7f805ce366859
rhosdt/opentelemetry-target-allocator-rhel8@sha256:aec9996fd9a6ae38c64d36d6f000d8c925a30880a7e29671f351ff95f62ca3b2
rhosdt/tempo-gateway-opa-rhel8@sha256:62279beeeaf9a3863be7fe56031954b540dda21e333d5601601edb250fda577a
rhosdt/tempo-gateway-rhel8@sha256:e7d08322b474231fca77d6527cf292b02d3a60621a6d65c0a3f6ed68c12131ae
rhosdt/tempo-operator-bundle@sha256:c6c6a80101bb29b78299f2678d15822cf8d8eec300ca55c27549f1dbb1c83d9f
rhosdt/tempo-query-rhel8@sha256:31d9a93d5a44394865b7bb224498d1da9f6b1f0de8d83a3b94f5fbc1948a4a60
rhosdt/tempo-rhel8@sha256:c152b5468de949c287f48d7cbc7573e5be2525a85f1868b686ead92e2d088b8d
rhosdt/tempo-rhel8-operator@sha256:dfb0e6ca3c2aecc48048a64c314a0999465be0b6a13c91245ce438baf4319467

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.