Red Hat Product Errata RHSA-2024:4626 - Security Advisory
Issued:
2024-07-18
Updated:
2024-07-18

RHSA-2024:4626 - Security Advisory

Synopsis

Moderate: Errata Advisory for Red Hat OpenShift GitOps v1.11.6 security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat OpenShift GitOps v1.11.6. Red Hat
Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Errata Advisory for Red Hat OpenShift GitOps v1.11.6

Security Fix(es):

  • openshift-gitops-argocd-container: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [gitops-1.11](CVE-2024-24786)
  • openshift-gitops-argocd-container: helm: Missing YAML Content Leads To Panic [gitops-1.11](CVE-2024-26147)
  • openshift-gitops-argocd-container: helm: Dependency management path traversal [gitops-1.11](CVE-2024-25620)
  • Multiple CVEs in openshift-gitops-redis container

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift GitOps 1.11 x86_64
  • Red Hat OpenShift GitOps for IBM Power, little endian 1.11 ppc64le
  • Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.11 s390x
  • Red Hat OpenShift GitOps for ARM 64 1.11 aarch64

Fixes

  • BZ - 2264336 - CVE-2024-25620 helm: Dependency management path traversal
  • BZ - 2265440 - CVE-2024-26147 helm: Missing YAML Content Leads To Panic
  • BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

aarch64

openshift-gitops-1/argo-rollouts-rhel8@sha256:076add1204be36717a4f21320e25a1ef8f362b898a91860101e036585bd7e75e
openshift-gitops-1/argocd-rhel8@sha256:95a36f983a5f2811f0fef486e90b84081d9dffeffe032be6cddeddfa4592e423
openshift-gitops-1/console-plugin-rhel8@sha256:f804b7d402d3cfb45223e011912711bdd79d792e87e96ee6e8738f41e2bdd545
openshift-gitops-1/dex-rhel8@sha256:7a0eaaa28b1593222a089490bbe785519bad33dc1169982fbd54d3c971589409
openshift-gitops-1/gitops-rhel8@sha256:8a087169c5b03152752227249d862d824cd224bcd313e4894ad89a644f17c7d8
openshift-gitops-1/gitops-rhel8-operator@sha256:ec259fd03d43f8c71dd136baa7058e038adc172ac41d9a0bda72d89075a2faca
openshift-gitops-1/kam-delivery-rhel8@sha256:8078fdce62aaf915755f223a46f131cd683c4f52b1897300f2e51a164eec8e93
openshift-gitops-1/must-gather-rhel8@sha256:974db252e93173e2a2217fbff3c1a56aaa1411480a587a42d0c43275257d8809

ppc64le

openshift-gitops-1/argo-rollouts-rhel8@sha256:9d59ac72c98079a9b29ed9a1ff5b39c49a804e28fb344112454c902000417090
openshift-gitops-1/argocd-rhel8@sha256:af69609ef177ee3cea8ef04a056df8a4a422dbc83a2631781589b61c1ed6dea6
openshift-gitops-1/console-plugin-rhel8@sha256:5beea6b8cdb9e06fb0fb7f92beaf02a9e9ba7b8794df8fc6eaa279c861c54c1f
openshift-gitops-1/dex-rhel8@sha256:82d2a3ab03d511f5751d154159e80170e47ee55789d6cfba9d9237d16a1c42fb
openshift-gitops-1/gitops-rhel8@sha256:9a5e3e6da074aff464456750cca74ca47a3ab7b635948ac4cb8eba77e91f5938
openshift-gitops-1/gitops-rhel8-operator@sha256:8a0ff74e9378e2b1ba526b7bf4c7be033f22a4d4a4f40190a9e70b3306acf1be
openshift-gitops-1/kam-delivery-rhel8@sha256:6b4f257cf401049c9b8335a4c1f20ac8041a5e0d192279ead4fafbcd7e847e68
openshift-gitops-1/must-gather-rhel8@sha256:bda0dc71e5e11fc3e30c3a1e164aecb9d0eacc5ce01b8b19a9d446d9a9271fd6

s390x

openshift-gitops-1/argo-rollouts-rhel8@sha256:f40c487b2922ed5b109a036996c3800fa24a8ab40579a8184bd08c0fa0a0a82b
openshift-gitops-1/argocd-rhel8@sha256:f10e4081655abf6e5c99ad32000fe98f06299cbe55434908d3161d072fde2c20
openshift-gitops-1/console-plugin-rhel8@sha256:f9f4c3dc50ed732bd52ca77cd81adf56228772ace9792bbd8ac72714282db5ea
openshift-gitops-1/dex-rhel8@sha256:a9f2a4c1d771f91ed46acd849a2957fb984eecf2036d9b9c84f72847e1079d78
openshift-gitops-1/gitops-rhel8@sha256:59bf2f19376abfeae9afd2abcd3fab5594c1fd1b98d221b142cf992348347ea8
openshift-gitops-1/gitops-rhel8-operator@sha256:eef33c6fff1da9580c3b7003ecb3db73dc0af398b98f37639edf2af9cd21d0ec
openshift-gitops-1/kam-delivery-rhel8@sha256:fbfa33cb3c73a0052b46562926e617e078709d8275555e80537b86d75a50ad0d
openshift-gitops-1/must-gather-rhel8@sha256:64ac86cbd370d05a69c6c1cde6670ae8dc4dbc65ce416519a644237eecb195e0

x86_64

openshift-gitops-1/argo-rollouts-rhel8@sha256:93f63395cd0e2d8bd35e1d7d5187f65bdd8efc9b564c98a2e07ba875aa887da4
openshift-gitops-1/argocd-rhel8@sha256:b2fbdc3c9926b23f7e8506ad6a7062e6ca326bb3b69984762f7e4f29b1f4f93c
openshift-gitops-1/console-plugin-rhel8@sha256:98de5f96397f94c776a44554da00e80fee544a424404b4b64e91c65f6e463c5d
openshift-gitops-1/dex-rhel8@sha256:c9f1b0a58cefffb1aaa5e0eeb5e26ad1b24612f8b45987133cdb7fb4a0a98f5e
openshift-gitops-1/gitops-operator-bundle@sha256:9357bd76c40ce6d7fdf72075b7a8c0fac132017390cdc3864768947b48347b94
openshift-gitops-1/gitops-rhel8@sha256:92a28af94fa2f0f47d38e573068876760dd5b89a605c186bdcf4a1191391fe64
openshift-gitops-1/gitops-rhel8-operator@sha256:6bbc7f6e353d2d8cfcbcbb68472c97b6ff332c611780f645517a9d00937624f5
openshift-gitops-1/kam-delivery-rhel8@sha256:2b017899750d3945e786f75a85c9b0876bb9ee637c9c10b3f269a5976120776c
openshift-gitops-1/must-gather-rhel8@sha256:c16fc42f75a4b260316ae29b0ede0417771c76b0313291a8fc54a5f2eb8cf68b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.