Red Hat Product Errata RHSA-2024:3680 - Security Advisory
Issued:
2024-06-06
Updated:
2024-06-06

RHSA-2024:3680 - Security Advisory

Synopsis

Important: Red Hat OpenShift Service Mesh Containers for 2.4.8 security update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Service Mesh Containers for 2.4.8

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Security Fix(es):

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Service Mesh 2 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 2 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 2 for RHEL 8 s390x
  • Red Hat OpenShift Service Mesh for ARM 64 2 aarch64

Fixes

  • BZ - 2268273 - CVE-2023-45288 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

aarch64

openshift-service-mesh/grafana-rhel8@sha256:a3bb5c51d37acad8ca8b79c65db4802a0f45ef55837e2ea2fe37ad5bdbe83209
openshift-service-mesh/istio-cni-rhel8@sha256:07051d6eaeb948a47f27f5b2f8f626371ca818e2ce908a34dfbd849b3a54df85
openshift-service-mesh/istio-must-gather-rhel8@sha256:88713f86a767b31a5bbc06a166b6fc2fbcbebd993fa6a661e6aaaa8feea8e112
openshift-service-mesh/kiali-rhel8@sha256:0656ba8c53571b3f6f2a7d3edfe24c7e0ffd470f266f9a2047a638c2a9ce6bf1
openshift-service-mesh/pilot-rhel8@sha256:627bacea3ea3ec3b09ff3c60f85e4999223386fda05c013bcab81cff5b4040ba
openshift-service-mesh/prometheus-rhel8@sha256:e7607f4c476972bdab679380d3445d5fce52c1c9a152dc2f2c8d05bd2639af43
openshift-service-mesh/proxyv2-rhel8@sha256:5094ff524a15ec33feb8ed80bf444907dacc1920d2b0ae0297975bd19e5eac90
openshift-service-mesh/ratelimit-rhel8@sha256:a384fd5773eaed50640d9c9ac463ffb34dc5022b8ec9a4d111ce598397064e19

ppc64le

openshift-service-mesh/grafana-rhel8@sha256:46fdfa161b0729c45aaa032ff9b4b271fef9127bb9acc00c96c9d99cf4b0ce9f
openshift-service-mesh/istio-cni-rhel8@sha256:c3fc58490b6df89c05518127c47a8171891f12e696776878047bca65fa853603
openshift-service-mesh/istio-must-gather-rhel8@sha256:84c5124286c202d16ac43d3bf1a3a6934f46095cd6b9ac1bbb105639569d9782
openshift-service-mesh/kiali-rhel8@sha256:586b1b34b5164306c62c1372bbf666e254183055edf355c676c54e0144094555
openshift-service-mesh/pilot-rhel8@sha256:ce61048850e09a80a88a2a515d7cb9420ed843dc063b3fdb06bf58b399709fe1
openshift-service-mesh/prometheus-rhel8@sha256:b0b389a9ee14fbe748a6c5c96f6c4cc1462958f4a923af4de26c8ab4d4defcad
openshift-service-mesh/proxyv2-rhel8@sha256:65eec2ccdb679ba214033dfd47e06333045089daf3f13ce5bd997fd542a14afb
openshift-service-mesh/ratelimit-rhel8@sha256:b808268ee362145269e5f2420e2a0e05897660766e8f2ecc45aacfdc17e9eb4d

s390x

openshift-service-mesh/grafana-rhel8@sha256:0e955cc01c93bbc46266780fd09b6a4587002202a3bf5a4efb589755f4fcc4b0
openshift-service-mesh/istio-cni-rhel8@sha256:e618e1ba446211a227176d6d688c15f38823c0b91f93eaa5c23e64efafdc185d
openshift-service-mesh/istio-must-gather-rhel8@sha256:fe8b8162c68ad8c3e0ca7c61941cd18419cf41bda0afda7451c83a1be2528c51
openshift-service-mesh/kiali-rhel8@sha256:1b2f64166729c8a5b60d7e6eff5a8566c1b1a0809dae95d304769a8823203d76
openshift-service-mesh/pilot-rhel8@sha256:4d4a777974f068d538589cb5bed9ed21ce98038a682548e321f1beefdc55776e
openshift-service-mesh/prometheus-rhel8@sha256:ea0f149a53f861c3d587e0628987cf7ebe64a402dbda07c22eacb32eb1f6833e
openshift-service-mesh/proxyv2-rhel8@sha256:3fac99ca767649b893ab9096394942eac585a1e9f90d97734c67030792c1492a
openshift-service-mesh/ratelimit-rhel8@sha256:9c0cd79982a5fca5dad6a098f8176d717856c5a1cac740562a522811359e0ad8

x86_64

openshift-service-mesh/grafana-rhel8@sha256:ff0d832886cb3a27aa6388e08b3083b1a1bb8843cc40bef60da29079971c4942
openshift-service-mesh/istio-cni-rhel8@sha256:1e4ec039f046fb633bdea3c2a41b949cd240f205f1d8c54cadaae6038b68a95b
openshift-service-mesh/istio-must-gather-rhel8@sha256:5ba929ac6c543195cfa2c040d0b462cac1bda021541aac9d1d3f7bf1778b60a4
openshift-service-mesh/kiali-rhel8@sha256:d5864a73a82fc6029cbc94bb64d12e09f10945d1e1769c5456a4f304bb3d3ada
openshift-service-mesh/pilot-rhel8@sha256:f820a27e5fcb15c24a5cde48d0cc0c7ed397513cacc4678872d9009d83584387
openshift-service-mesh/prometheus-rhel8@sha256:1df4efcf6677bab8fac4cc82cc19687d78eb0fdc12dcff0b71a5c4e9400a6211
openshift-service-mesh/proxyv2-rhel8@sha256:5bd8061225ceaba7191351806531e76da9955fa1cbfd384d9988424f9622f59d
openshift-service-mesh/ratelimit-rhel8@sha256:fda3a77251f028df047f1e5d433ac7992b613bd824edcf3130cd91b10d7bd1ec

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.