Red Hat Product Errata RHSA-2024:1557 - Security Advisory
Issued:
2024-03-28
Updated:
2024-03-28

RHSA-2024:1557 - Security Advisory

Synopsis

Critical: Errata Advisory for Red Hat OpenShift Builds 1.0.1

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift Builds 1.0.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Builds 1.0.

Security Fix(es):

  • CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
  • CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
  • CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Builds 1.0 x86_64
  • Red Hat OpenShift Build for IBM Power, little endian 1.0 ppc64le
  • Red Hat OpenShift Builds for IBM Z and LinuxONE 1.0 s390x
  • Red Hat OpenShift Builds for ARM 1.0 aarch64

Fixes

  • BZ - 2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
  • BZ - 2258143 - CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
  • BZ - 2258165 - CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients

aarch64

openshift-builds/openshift-builds-controller-rhel8@sha256:686ad7ae2772e6f00e86186bf1c98a0c158b373ee3517be296818e18fa475921
openshift-builds/openshift-builds-git-cloner-rhel8@sha256:6ec4966c3eff2a781b885212a77deaf37fe854de46fd29534e365f54324381e3
openshift-builds/openshift-builds-image-bundler-rhel8@sha256:a852957ccee84d0ea5fac3de3ff5c68ac79deca7f3cb36328ac777b0888c7b4b
openshift-builds/openshift-builds-image-processing-rhel8@sha256:7abda41e2aae405fc8aadf1b42469128daf66245e63d556de08fde6d6e25e316
openshift-builds/openshift-builds-operator-bundle@sha256:9aa0e3583582b3accb2c18476d33613431ac34b201888af6f7aa41a90bcd4508
openshift-builds/openshift-builds-rhel8-operator@sha256:7840340e82817d5c95ec93aa3d534c98bdb8c9a6efaf59fd6bed7117bdcc3f00
openshift-builds/openshift-builds-waiters-rhel8@sha256:b384ca4cd31baa8de9d6d08455305634b9bccbb95463a60fc06a96c11f535b1b
openshift-builds/openshift-builds-webhook-rhel8@sha256:bb9d712386ca640899684ea181475be5e81990b5b827dd7a11a6da3a41f9f20c

ppc64le

openshift-builds/openshift-builds-controller-rhel8@sha256:6675982a438ffb20c876193f88cffe475767b76fcc2b57fb0073ec103f058f54
openshift-builds/openshift-builds-git-cloner-rhel8@sha256:5b4504b82df425c295c167825d1e64f30a3e6f0dac094ff408f3bfacba47d315
openshift-builds/openshift-builds-image-bundler-rhel8@sha256:453fcacfcfebf1f0c0fb3d2f4e9a183d1fe578dbde49b991892fd3007aafdbc5
openshift-builds/openshift-builds-image-processing-rhel8@sha256:f802324b5924bb25f90a1e78435e170db4b41f5c6164e221cb2fe54e1451e06f
openshift-builds/openshift-builds-operator-bundle@sha256:1ea54eafb83ab9cf4fa3a8ae66864309b592c5e90ee4ae8aa86c8cb76f25fd59
openshift-builds/openshift-builds-rhel8-operator@sha256:9235caed8216b64ed825d5b6d7fada5801d1f4015164141b0fae91454a98e4bf
openshift-builds/openshift-builds-waiters-rhel8@sha256:bef7e6c063dbe218ba76fd9f6842ba076d0dedd8d42d40e62805c6710976b445
openshift-builds/openshift-builds-webhook-rhel8@sha256:53f0b3c485c825e3dcefb4f30207ecd3c5d7e2197cf4f0559ce35f4eb7c91b8f

s390x

openshift-builds/openshift-builds-controller-rhel8@sha256:56ca1d5fa1d29d3048c59e3b15cd449454e0ceff608ab9c794f214532f6fa605
openshift-builds/openshift-builds-git-cloner-rhel8@sha256:dc87f0bffbed293a57937cb7022dc9f0bb15b82f1bdb316f283a4b506e19fa27
openshift-builds/openshift-builds-image-bundler-rhel8@sha256:d5f201a51c85e7b70807ad0688c73ae70f76ac4f3919fbac85e475bbde48d599
openshift-builds/openshift-builds-image-processing-rhel8@sha256:b38b949a700b11bebb9dc7c07cd1c10832b2dfde41adf21db6b20549d25f0136
openshift-builds/openshift-builds-operator-bundle@sha256:6e83f03b788bd829c147481a79401e1cc1b83258990f7c86a25359b029bbc92a
openshift-builds/openshift-builds-rhel8-operator@sha256:a3ff59c104a4d327039a0e3c60833502d5fc354632aa3608e6db14363f8fc355
openshift-builds/openshift-builds-waiters-rhel8@sha256:a7912a7deebe11c23d8efddc6af4b0afaaab9b33da896f316a38ee91571781c8
openshift-builds/openshift-builds-webhook-rhel8@sha256:b39600ea957d5fd34f00fe50ecf1879bca47a4bac924c4fdff702d1fc68a1e7b

x86_64

openshift-builds/openshift-builds-controller-rhel8@sha256:638042ef5bd0bafc6f54055f11814f1dc3bab8b47ce356932ed333cf10b4111b
openshift-builds/openshift-builds-git-cloner-rhel8@sha256:0edb0e9d3532c4c35c5f9984589cbcdba53dab0db74d34ad4f2cc3218f6c4941
openshift-builds/openshift-builds-image-bundler-rhel8@sha256:f4492af12a740015ee3e114ac9c8e42d25c4387073f6c85251fd7089324bed05
openshift-builds/openshift-builds-image-processing-rhel8@sha256:e94e7624075e9f5cd22b5b8a39f22cf1acd6b4585bc98366327cd36a9a6950ad
openshift-builds/openshift-builds-operator-bundle@sha256:56c474f8bc49060c3f1a6fc19d5984b2bbf81ac3ab76a80ce63faa9010d0759f
openshift-builds/openshift-builds-rhel8-operator@sha256:2161db279af5289dc8221988a03ca552b8d1773d167d580d144ee5f45412fe10
openshift-builds/openshift-builds-waiters-rhel8@sha256:4ead53061f635e17da978b72a20c91b3e46f9113e9793b550ce8b16f866398e0
openshift-builds/openshift-builds-webhook-rhel8@sha256:2426730213dab85121b70b97d5d645ccd936c5bbe296174256e4a754a054ffaf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.