Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:3617 - Security Advisory
Issued:
2024-07-01
Updated:
2024-07-01

RHSA-2024:3617 - Security Advisory

  • Overview
  • Updated Images

Synopsis

Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.0.1 for RHEL 9

Type/Severity

Security Advisory: Moderate

Topic

Kube Descheduler Operator for Red Hat OpenShift 5.0.1 for RHEL 9

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

The Kube Descheduler Operator for Red Hat OpenShift is an optional
operator that deploys the descheduler, which is responsible for
evicting pods based on certain strategies.

Security Fix(es):

  • golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
  • golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
  • golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Affected Products

  • Kube Descheduler Operator 5 x86_64

Fixes

  • BZ - 2268017 - CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
  • BZ - 2268019 - CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
  • BZ - 2268021 - CVE-2024-24784 golang: net/mail: comments in display names are incorrectly handled
  • BZ - 2268022 - CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
  • BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
  • WRKLDS-1059 - 07- [KDO 5.0.1] GA Release

CVEs

  • CVE-2023-45290
  • CVE-2024-24783
  • CVE-2024-24784
  • CVE-2024-24785
  • CVE-2024-24786

References

  • https://access.redhat.com/security/updates/classification/#moderate

aarch64

kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d
kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab
kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35

ppc64le

kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f
kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360
kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac

s390x

kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0
kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821
kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8

x86_64

kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b
kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89
kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility