Red Hat Product Errata RHSA-2024:3314 - Security Advisory
Issued:
2024-05-23
Updated:
2024-05-23

RHSA-2024:3314 - Security Advisory

Synopsis

Important: OpenShift Virtualization 4.15.2 Images security update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Virtualization release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.15.2 images.

Security Fix(es):

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
  • follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
  • axios: exposure of confidential data stored in cookies (CVE-2023-45857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Container Native Virtualization 4.15 for RHEL 9 x86_64

Fixes

  • BZ - 2248979 - CVE-2023-45857 axios: exposure of confidential data stored in cookies
  • BZ - 2256413 - CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
  • BZ - 2268273 - CVE-2023-45288 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
  • CNV-39704 - HPE (csi.hpe.com) now supports RWX/Block
  • CNV-38599 - The VM/VMI is not deleted when deleting storage checkup if the checkup is failed
  • CNV-34292 - [2245646] Failed to start VM with scsi disk with io='threads'
  • CNV-38699 - `oc debug` command does not work when AAQ enabled
  • CNV-37007 - Delete VM with grace period is not working
  • CNV-39100 - After enabling AAQ there is an error 'x509: certificate signed by unknown authority' occurs when executing 'oc logs' or 'oc exec' commands
  • CNV-38360 - UI shows an unnecessary warning on NIC deletion
  • CNV-39686 - Users cannot use their own images from the UI
  • CNV-39557 - Update Link in Virtualization Overview
  • CNV-38845 - secret persists even after the deletion of the virtual machine
  • CNV-37018 - [4.15] Clone from snapshot: host assisted path creates wrong temporary restore PVC
  • CNV-38661 - reduce rate limit for virtio downward metrics
  • CNV-40159 - ssp operator crash-loops on ipv6 single-stack
  • CNV-41508 - [4.15] CDIStorageProfilesIncomplete caused Openshift Virtualization operator status go degraded
  • CNV-34963 - Add Genoa cpu model support
  • CNV-40904 - Snapshots and Storage title includes "_other" suffix

aarch64

container-native-virtualization/aaq-controller-rhel9@sha256:3b5dd9a5217af5db0347efafb380e91da1a1176e2b40f356115e870612b79928
container-native-virtualization/aaq-operator-rhel9@sha256:15079d40fa0e418fec82620b3f52e394743c9d7f0433f2b8aac3484fbb57b790
container-native-virtualization/aaq-server-rhel9@sha256:146b827825bb5222ad360f8672d4ef34989518b43369b641fc703eb704c891a6
container-native-virtualization/bridge-marker-rhel9@sha256:35ac9c93a2b6571ca28ca1e13e040d7a06113ec9a768c02e8c0735f76c6c0b69
container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:bf42cd420929b12d78ebd7567b4de1c32ea343f0201ae7ecfb9d3a47b12220c1
container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:389e56fa3345ea9866b9c7789ff9ad04d3ff2b45db91eb13b20287960c6fe72a
container-native-virtualization/cnv-must-gather-rhel9@sha256:cadf6787d391f64df11112c29d7c8f2b3f9eb312e478d8cdd8e634401d390834
container-native-virtualization/hco-bundle-registry-rhel9@sha256:26324b49a3da9d17d5f3814b54cdcfc839dbca423800aeba48774a774d79035b
container-native-virtualization/hostpath-csi-driver-rhel9@sha256:5c91f322e434d71a762cf13bbf0bbd94dfd12218a1bc263b688388bc1ad57ff1
container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:0199a42c1b7a987ec91a4e33e7fdbdcc3ac6ce6dd5a1ece9edb03ac067a1b696
container-native-virtualization/hostpath-provisioner-rhel9@sha256:366ce321638295540c24a2ad7e05002c2ab23ef793010acd9e248729baf9efd8
container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:bd5a3c794887ee63ac600a0d0298092196a2e642a92cc33bc2cfb3f751811dfc
container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:0889491602786dc9ba90e09b2744448be3e36e60a1525020566855bdf950d460
container-native-virtualization/kubemacpool-rhel9@sha256:17727cf133d3fbf9865bf7f9ae1a09a40fd0d21114a38a046ecffeac26ec2e61
container-native-virtualization/kubesecondarydns-rhel9@sha256:965e1b1afc72a7c96d2f90c673ba07f3856cc646017e222e9d03a9400f72cf1b
container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:c8a7b80129aeb6ec0ce7a5adfb3541c898fc21995500fd5a8bd67cd2192b2578
container-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:487743c7eb7643d1abe75fd0ac33373eeda5294bc6e6ac152b6af697feab7404
container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:8f0139de40eaf5e289c9b50a6cdc74a834969ded6d66bba9d12440a54fcf1ae4
container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:2333869b30618b70ab249232fe0772f022632856b03eb94de2b141f3e254b34e
container-native-virtualization/kubevirt-realtime-checkup-rhel9@sha256:1ad39919a142b363ee4b21cd3c5cdf0123be6ae04a4ed3dea1d51ae9cf981926
container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:92ede880b1530338a189dee89a02a4bfce97f867d25673180b1be0e246407ccd
container-native-virtualization/kubevirt-storage-checkup-rhel9@sha256:f6fd5454eef6a922f36780ce684a2927916fe709329ed34c1345087cbf368f71
container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:a49c9abe0d3f9fb625884ebd8325d29fae4339cfe5665955ab19e6a402d584ab
container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:4b3aa1b4eedc72c3e0ee24ba01ecbe319434e597d452dececab171a32150cd13
container-native-virtualization/kubevirt-template-validator-rhel9@sha256:7221d0f9ec2bb8fe10d6fa7557358f6809870ceca6abffff76fbaa9ffb89bfa9
container-native-virtualization/libguestfs-tools-rhel9@sha256:4496c4b20546d54711c3135758c7f77639312386e8ed489a2436f2fcd9f7f9e1
container-native-virtualization/mtq-controller-rhel9@sha256:34beadf8d8f247bb563d5e6611bec5663612d8dd7049466744241b4e4074f66e
container-native-virtualization/mtq-lock-server-rhel9@sha256:c5bb6711b4abbcef730be51ee67b59834acadaf93599d2db8cfedc7640b24946
container-native-virtualization/mtq-operator-rhel9@sha256:9311bd6eb75421e49399647a21c79348702229ce1eb0c040674bfedad55fcdf6
container-native-virtualization/multus-dynamic-networks-rhel9@sha256:8699359b01ca935c95c5e4c91e082243f3b0fd388b76041ad28ebb501c86cc9a
container-native-virtualization/ovs-cni-plugin-rhel9@sha256:49fcce3d3cb9f1b14baba4aa73e31634aabab0fca0d44e1e494912504b625268
container-native-virtualization/pr-helper-rhel9@sha256:65ab2009e6c4b6a69374d0654f97e77085b0b063df6dfb4cfa671d1dc54fa4de
container-native-virtualization/virt-api-rhel9@sha256:fe4a9a2f847641ecae2ba87615db0bf06323ed905d76b0686ab7631979ac0fca
container-native-virtualization/virt-artifacts-server-rhel9@sha256:2188b4a2a663351d4f9d6bd44db28494bac48563b762f26a50ab578c414ed3e3
container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:2ce2be45cb027387848f9a57c4eb039825a923c3d94257e9c6ddcf9fd9909e74
container-native-virtualization/virt-cdi-cloner-rhel9@sha256:92967ffa5e4797dbd405d996a683bc5bb7119dea648699cb9e2b00accae81836
container-native-virtualization/virt-cdi-controller-rhel9@sha256:a9f98265d1898998206ff81490d53dad15fe32368cb24d3d270f6bb6588269bf
container-native-virtualization/virt-cdi-importer-rhel9@sha256:b2d34043c76548fe63a6efc4417708951942ea2f6533d73b1c52a261bb1f1377
container-native-virtualization/virt-cdi-operator-rhel9@sha256:8ce7a3578d42e6bdf1aded6a6b38d2401cf023093803bae705b360fb5adc9bbb
container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:b09e57dee56aa1a6b094d01931e2d54203a69940f2fad777e04975dfa93cdd73
container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:85bb7bb57e9ca1b23c204801fc8f2a0c9276e7e1f1456ffb2e616b1cb6ab2005
container-native-virtualization/virt-controller-rhel9@sha256:9a5e836b5a33b15b98923cff7e8cc6a258a244f123076f56ee571c96e43576cf
container-native-virtualization/virt-exportproxy-rhel9@sha256:df751abcc53676137ddda43e1ea38c7f938cbfcbb08df5027cc93780961194b0
container-native-virtualization/virt-exportserver-rhel9@sha256:e5494ab1eb24c2b83e1b5caaef208e618b8f44bbaaa9102fab00c64520fb69c9
container-native-virtualization/virt-handler-rhel9@sha256:cd4804ff3dfb0b64981ca3bda3f160c61cdce5722c40283cfa248e039d23253b
container-native-virtualization/virt-launcher-rhel9@sha256:0c0ed8df6ce1774cec46b0865fc43d6a0cd61c3ba1024379cd2041a5d1f54211
container-native-virtualization/virt-operator-rhel9@sha256:2a26bf18f86baf131580c5fa227600f8152401aa231dcc7736a75ca834d184ae
container-native-virtualization/virtio-win-rhel9@sha256:9057d1d7f9d74cd11a833c53bb1bb11d0fd5ea8a9a613044324fe319e87de41d
container-native-virtualization/vm-console-proxy-rhel9@sha256:39084d00f6f68ca7137a4a4b13de958b3aa04d10e69f52c498b3f0bcb4f30bf8
container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:9060a82f10acda7b5ca8b895cb4ba608ad00b4bb9fccbceaab0c4128d9790c1a

x86_64

container-native-virtualization/aaq-controller-rhel9@sha256:05c354f5775ffe9eb40a70723af9710589315126049c2b0613729a7601fea711
container-native-virtualization/aaq-operator-rhel9@sha256:2519a913edf163445c0819c465f3323b9d82e10bfd34129b79f83f5e395a41b9
container-native-virtualization/aaq-server-rhel9@sha256:96de7d4fd401026664eaff799585823a5906b7e72ed24c685648086f1e1c02e4
container-native-virtualization/bridge-marker-rhel9@sha256:09b473b05aa69cbc131c52ceea7885dd6a7367ccb80f6d3832da9df4e61cee1c
container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:690a5b5450c77fbc2c9928ff7849c447a6ec015f4dcd481060c49250a5509358
container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:abf9f568d866433b9c1a4f08b63ca6f11543171882694179b37b70feb75257de
container-native-virtualization/cnv-must-gather-rhel9@sha256:207cf6cbaf6a79f15146c8d6dba36979303e07f9793ace901b97e330f167ecc2
container-native-virtualization/hco-bundle-registry-rhel9@sha256:d9f6a92e9f8e1a14b243dd1c28ea3e2c3ad7a45aca410b8f4c24e697a32a57c4
container-native-virtualization/hostpath-csi-driver-rhel9@sha256:5f5f0b425c59626724f5e09ded54c670ac80b2c7279d49f61d9e40306b07e272
container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:bd4e4565518629c98f5bfa87e459425f9efcc8312f24e9428556d8593cc91f16
container-native-virtualization/hostpath-provisioner-rhel9@sha256:cb5d049a9c06d01ccb8548d6111e051263dfdfd99cbd8ecf1215fa0de692e8bf
container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:417c74820c9996c9ed5958be73b4e2edfb62d49d8afdcac819f70c9b407df20c
container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:66fa300a526204e9f4925b5a7d554bcce225935385625e040cee6fe75a44578d
container-native-virtualization/kubemacpool-rhel9@sha256:d1296ec61183139682510dde727114e406c6072ae8d4429b983f878c1bad8b21
container-native-virtualization/kubesecondarydns-rhel9@sha256:c18f0a4a085ffbbd0737cada237bb1965242648fb938317cde86d26670785d97
container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:68d4683b131e3d8d76af5c17e3a50e36c6ea9d1e9fe4fb32a519f830bcf98eaa
container-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:d438ddcf84de78b0235e340bc08002e2afb56d8a7f4a0c89f71bbb6564b7982e
container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:81d5f20abbe9d500a1423091099b5547245d901c917005baeee4c242da8deb01
container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:9bf95180f0cd4ebea96e0041df8d1fbfa9854029cfdd744360463bacd2ae444e
container-native-virtualization/kubevirt-realtime-checkup-rhel9@sha256:3ec79a119c0377f8940bea61d5acef2a142d79eb6e8c253d805192dcd48feb08
container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:c82dda7fe3abade25b973f5245273c4b69bec67cd5bfcf1181d36090b3e1e49f
container-native-virtualization/kubevirt-storage-checkup-rhel9@sha256:63601a0199cec20ef3ce7c7194fd3a6c8ffb3bbd43cb2401ccb7c6b8b1cd8016
container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:4f335f3874ee1394b7167b0b2bcf20a1f4b735f3189427e35632e46153123fff
container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:7291554489004db05824fe6087480c86e7d2307dce8e4a66fe23bd6df4734406
container-native-virtualization/kubevirt-template-validator-rhel9@sha256:dd5b0921375532de1914ad99af9bf297004744e34a65c59223ca6cb82667d95c
container-native-virtualization/libguestfs-tools-rhel9@sha256:de720a20dda05a48de4e72582b0914d3b5ee5cad5a637efdac38dbb0654b991d
container-native-virtualization/mtq-controller-rhel9@sha256:a11b3863959467dea87a535f15a5b775017942b953e6b0387e44e152b2fbb3ff
container-native-virtualization/mtq-lock-server-rhel9@sha256:2305a1d942e1a99063f9ff2d5a1e2f0328734d29ae447201afa190016024832c
container-native-virtualization/mtq-operator-rhel9@sha256:2fcaceb5089f65dbddd9acdd8484cc41198a4138b8376d49db14b680da8330e9
container-native-virtualization/multus-dynamic-networks-rhel9@sha256:aeda2c344f1fb0706a04495ceb7c5f5fc0bca7b2b3daa949847cf5f98d175e68
container-native-virtualization/ovs-cni-plugin-rhel9@sha256:9eb2dfb42ad50e6fe431a8518304712da3a35d21a0d2e609b281c6b45f3fbc76
container-native-virtualization/pr-helper-rhel9@sha256:c122c6bc64b926709fa42f9c37579b4cd412a4c032ddfab1e89edd5610ad6700
container-native-virtualization/virt-api-rhel9@sha256:0389262d2278d0019efce4612932a32af3a6423c2d7245e5495f466729157170
container-native-virtualization/virt-artifacts-server-rhel9@sha256:109296d7e17bb3bcd2050ef351f05ec2010075ac2110c232ba06210553b220d8
container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:3e8423020cd7e4b9ed5731a9821392dcf95e2c1004cc60ec81adf1dcef869b8b
container-native-virtualization/virt-cdi-cloner-rhel9@sha256:640102a1dfbb95c84258790f0a3508f42b994e24a2f3d3ff50eae13322f9eca6
container-native-virtualization/virt-cdi-controller-rhel9@sha256:8deb061a2f2677aeed034d5e08d70fb9d56a9ea5d257f0bd3ff29c1b86c3c1bf
container-native-virtualization/virt-cdi-importer-rhel9@sha256:f75d71f94736353d3e1c4d01ab20c7dfb94e7c11c42fd8396393b96d6e3f5fa9
container-native-virtualization/virt-cdi-operator-rhel9@sha256:422ad4ca96e2b12f89e04cea0b1bcaad7fd4e092993a0f24ca2b2c70ea2ad7cc
container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:c1537f4dd62ec6297b07a4a47642e8e1823f2eb764202e221c4849f684d6f351
container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8aca3b0011d9ee1f5983ae732de79968c2e4a48ed0720343490db30f92797b05
container-native-virtualization/virt-controller-rhel9@sha256:be63e57b256ef2a41f7053acf24265b254d96f293fcc7d20c0be4176060e91f8
container-native-virtualization/virt-exportproxy-rhel9@sha256:279bf530bae7e042dff88305f24ad7805ced02dcc960adfe61708f87ff61441f
container-native-virtualization/virt-exportserver-rhel9@sha256:f288029a586318d209d991fa654d42d52214c3c6dc1d41539e70eae7c0130dc1
container-native-virtualization/virt-handler-rhel9@sha256:a8f9ce5eb47454dc8085ac590487bbefa0904371b0325cfb06c9b93c0178bdae
container-native-virtualization/virt-launcher-rhel9@sha256:b1176298e989626d64f329ecc7617a66ce3d8478354e5e7aff3a3fb8b1fc5e05
container-native-virtualization/virt-operator-rhel9@sha256:5d04ca926ad1f29760f15d294c7d433217601508b98646d1f9fd4ccc8ffcdfe7
container-native-virtualization/virtio-win-rhel9@sha256:f32ca0dab69d238341ad822fe84333390efb832025d3a18d2e88895dc7309302
container-native-virtualization/vm-console-proxy-rhel9@sha256:100e1d5216b5ca9343eb58e61cfc77c069bf0e137a3ec67da519c4ed6d272b5d
container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:6f102d120c5059b43480273e9d223c8307c7ab2bb8887573b9b498863f2149d2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.