- Issued:
- 2024-08-13
- Updated:
- 2024-08-13
RHSA-2024:5314 - Security Advisory
Synopsis
Moderate: OpenShift Virtualization 4.13.10 Images security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Virtualization release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Description
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.13.10 images.
Security Fix(es):
- axios: exposure of confidential data stored in cookies (CVE-2023-45857)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Container Native Virtualization 4.13 for RHEL 9 x86_64
Fixes
- BZ - 2248979 - CVE-2023-45857 axios: exposure of confidential data stored in cookies
- CNV-41951 - [4.13] Missing storageprofile setting for infinidat csi driver
- CNV-38482 - VMStorageClassWarning alert should fire only for clusters with Win VMs
- CNV-45277 - [4.13]virt-exportproxy route does not adhere to the ocp4-routes-protected-by-tls compliance rule
CVEs
- CVE-2020-28241
- CVE-2021-46848
- CVE-2021-47459
- CVE-2022-36227
- CVE-2022-36402
- CVE-2022-38457
- CVE-2022-40133
- CVE-2022-47629
- CVE-2022-48743
- CVE-2023-2953
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-4016
- CVE-2023-4408
- CVE-2023-5633
- CVE-2023-5678
- CVE-2023-6004
- CVE-2023-6597
- CVE-2023-6918
- CVE-2023-7104
- CVE-2023-32681
- CVE-2023-33951
- CVE-2023-33952
- CVE-2023-45229
- CVE-2023-45231
- CVE-2023-45235
- CVE-2023-45236
- CVE-2023-45237
- CVE-2023-45857
- CVE-2023-50387
- CVE-2023-50868
- CVE-2023-52425
- CVE-2023-52434
- CVE-2023-52439
- CVE-2023-52450
- CVE-2023-52518
- CVE-2023-52578
- CVE-2023-52707
- CVE-2023-52811
- CVE-2024-0450
- CVE-2024-1151
- CVE-2024-2398
- CVE-2024-2961
- CVE-2024-3651
- CVE-2024-4032
- CVE-2024-4418
- CVE-2024-4467
- CVE-2024-6409
- CVE-2024-24806
- CVE-2024-25062
- CVE-2024-26581
- CVE-2024-26668
- CVE-2024-26698
- CVE-2024-26704
- CVE-2024-26739
- CVE-2024-26773
- CVE-2024-26808
- CVE-2024-26810
- CVE-2024-26880
- CVE-2024-26908
- CVE-2024-26923
- CVE-2024-26925
- CVE-2024-26929
- CVE-2024-26931
- CVE-2024-26982
- CVE-2024-27016
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27065
- CVE-2024-27417
- CVE-2024-28182
- CVE-2024-28757
- CVE-2024-28834
- CVE-2024-28835
- CVE-2024-32487
- CVE-2024-33599
- CVE-2024-33600
- CVE-2024-33601
- CVE-2024-33602
- CVE-2024-35791
- CVE-2024-35897
- CVE-2024-35899
- CVE-2024-35950
- CVE-2024-36025
- CVE-2024-36489
- CVE-2024-36904
- CVE-2024-36924
- CVE-2024-36952
- CVE-2024-36978
- CVE-2024-38596
aarch64
| container-native-virtualization/bridge-marker-rhel9@sha256:47fbeacd6f703081e17c0eefee625547327dde0854ac4e0480b4ca8f240b526f |
| container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:17f37cd7c6d6c934e3518c9564b108cca206fbb807fba811e7d9d80bdd6759b0 |
| container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:a526f4badf53c0153236a3d2bdf4da1d9dc90f170e474afcb90a365c9cc8a1fb |
| container-native-virtualization/cnv-must-gather-rhel9@sha256:ed85e0ff0d879079f00ac4db8ef6bb6442a0c203892747cb0cf16e4829102f36 |
| container-native-virtualization/hco-bundle-registry-rhel9@sha256:fc767db1f924404f58d3f53786b06aec5c64ba2a9210a172f649930bc386df6e |
| container-native-virtualization/hostpath-csi-driver-rhel9@sha256:d381b3acd1c20e8e9add194266645677659292ce83a6f73f5912f60741b4e13a |
| container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:b8db87159c14e4e11c53df4a1b9ecfa1dfac211a06ca1f8338f55aa765c1b4b1 |
| container-native-virtualization/hostpath-provisioner-rhel9@sha256:ecfb66e2731c27b564a6a5700a70410a029b078505089320126b405fe1da57bb |
| container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:7dbbd018f0f380eca54035fef8b528893bcf0fcb7bff21fc7b69a0311ed25c0e |
| container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:1035446fa52630a6bdf80fe3ef00d9a9bd854ea03f69cb40e66a2513346b337d |
| container-native-virtualization/kubemacpool-rhel9@sha256:436d340bf1aaf6ea8d61224d4c4efdd81170fc9621777b63567ccb4f43514f2b |
| container-native-virtualization/kubesecondarydns-rhel9@sha256:9b6778c58ca9eca586c22d37089bca6e300efdc136a67062b9229583974cffe4 |
| container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:7ec58c7b5e472562812bbfbc670c8125d3df564407c98e09520f919b47944148 |
| container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:2d26d1e33adc1fbb36b92583c985fc2a5e6baacba638b0b0387ac227dfbe2ed6 |
| container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:da4172696f5ba0f1ce25a1a9937db7eaa8d40711d4378ff30349869f92800626 |
| container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:25b49253816e01102a0f65c121b99c6d08115dfc0bc1269b2546dd92340673b2 |
| container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:15dd4f0ae6c615a1951c2933b99d569ec4ee199a80891f22540e24ba88b832f6 |
| container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:2082fd415e9bd92db19b18c94494e7686900a732309bdbf56197d31f80931cdb |
| container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:af64ce4736563ed586e58ddd8688867bc7c7cfea94cd73650fe285a5d799739e |
| container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:fca498721aeb2f56d9ea0f42b7ff4a1455bfa73fd117300ecdae0d28306a3a76 |
| container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:4ff16f5cfcbc3fb88282df902537fdb8e7f55f62640f48573d116510f3667e41 |
| container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:ff4d0d76f25c784321c2fc3a92121491b5901660df1d6b18fd2218ecc46298ce |
| container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:717a4ebf8eac68dc9f4d084f48cb440b80a63074e00c7b6e9129fb6a094a1c18 |
| container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:44146a9ca9c14e9957f39d9d79cada0d0a488ccbabfc4c99ecaa86ef21f3131a |
| container-native-virtualization/kubevirt-template-validator-rhel9@sha256:1177f8a6962005579158bbf680f9e339945eced80a42215f28165fb1000cef67 |
| container-native-virtualization/libguestfs-tools-rhel9@sha256:7aa3ea00849a63c66bd6c830ba1d9939bbbcfb52860e747b20a07bfd5a6361da |
| container-native-virtualization/multus-dynamic-networks-rhel9@sha256:e7570c4a422026af8a5d3450d42e3284f68ebd2a3b3f4fd17d34528a808fa600 |
| container-native-virtualization/ovs-cni-plugin-rhel9@sha256:14179da892ba43557f3ac38ed3f7928dc1670b349a7d5e360948afad39fbc7e9 |
| container-native-virtualization/virt-api-rhel9@sha256:89528403a221edea88cafdd6681acb1508e97c5cfc2edd49c3c62f605ad4c50a |
| container-native-virtualization/virt-artifacts-server-rhel9@sha256:cf7f889844fd573d0df7176fed845ca14753eab82497d1e54b107be7c66d831e |
| container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:5aaba23258242c87b6537e3c5db32e42fac4b23bead9fe137f5813bdd681c4db |
| container-native-virtualization/virt-cdi-cloner-rhel9@sha256:02b0c45ad75bd7e2e87d5ece32c3fd98037a17901b3c2a14fe02ac7b79289918 |
| container-native-virtualization/virt-cdi-controller-rhel9@sha256:fa3f9b66dd1310c30565fe254d06cb4e5b52986dd4e51f9ca42fa8a8b7f7cd8a |
| container-native-virtualization/virt-cdi-importer-rhel9@sha256:efa5b7d82e23db505cfa43b1295d9fc20d178e74d19ff631e7d313472dee7b43 |
| container-native-virtualization/virt-cdi-operator-rhel9@sha256:fba4dc815b69e385522a333faed53ace575d805ddaf0afbed78f15155b284184 |
| container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:bfd8b385be10564bf6a4ca650bdd116278f77f734d755e6695c13142445be5ed |
| container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:7d3858832f4a32e014cea0b590e1cad8514fc1020d79ea960fca524653a560d1 |
| container-native-virtualization/virt-controller-rhel9@sha256:5ff40d2608f731f3718c2d390cf640e73e4ae5deb72fab7b637f6c73ac5a5841 |
| container-native-virtualization/virt-exportproxy-rhel9@sha256:17b70495ea71ab3ebc149595d72e3512b257f499e5544fe309e503e48aa4466b |
| container-native-virtualization/virt-exportserver-rhel9@sha256:ce3e581e895c65fac83003979acdb5340088a8310f782170d2953e7eed512bb4 |
| container-native-virtualization/virt-handler-rhel9@sha256:5d6a37d561ce1f576b6b30979ae301c37b28f2d5290a2fb3f67aeefbaaaed34b |
| container-native-virtualization/virt-launcher-rhel9@sha256:97b713c305730d9f10b23741c4d510b20f1d3c210cadc54bb20f00cd76fde37c |
| container-native-virtualization/virt-operator-rhel9@sha256:5f30fc1baa633c9dad548e8bccaaa34cb3450ed818f34ae7d21043ac6ec60cf7 |
| container-native-virtualization/virtio-win-rhel9@sha256:1abae677c8b1f2c773962d9fd37aeb84e3a45b12e99a3e9a79715881820ef454 |
| container-native-virtualization/vm-console-proxy-rhel9@sha256:ee81fb5f510b8e99f36eaa02323ce5b004f7377b2eddfd5f3eb7cbc4682ee2b8 |
| container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ba3cef24c0335fc51da207f6528b766b35f86518f2d4ecfab93ac8e321a6cba4 |
x86_64
| container-native-virtualization/bridge-marker-rhel9@sha256:0a4a376ff222bed50e22b8c6bbb19955f40f5e88173afb81f3e112b4765dc85f |
| container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:e6297f16f14b2e3b132d978cad18ca874fbf222dfa2f99083111567d7abe8511 |
| container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:867c5f6587b16dd518c38f29cee59ac9e397739a4696b0abedb14c1c11f013b2 |
| container-native-virtualization/cnv-must-gather-rhel9@sha256:c6f48f9f7eaa004f191ac2082bd714d32ba54b0647955096dac4148c7ada81a7 |
| container-native-virtualization/hco-bundle-registry-rhel9@sha256:c5d3a50d4e3e303a21543f60aaadc518b163bdc11ce966ffefa90ed03b93d8df |
| container-native-virtualization/hostpath-csi-driver-rhel9@sha256:68fb3046f530fe9b56176e8859d05ea730532c5bfca6f9c2f75daf62e72e8303 |
| container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:706c5f30be8be9362df2e2f96f1d5924dcf4c91a406fbad783cd8c51a7e4733e |
| container-native-virtualization/hostpath-provisioner-rhel9@sha256:5dbd2dc3ccd0b252cbb8a1b09fa3cb0ceda1795001f9d2912ba6aba74a7db3b9 |
| container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:512d79c4f3f12d0a613c152a2a4d2b97abaffebaeb4b43f7bded5cc81ff6f42d |
| container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:7be61a84776a9c45fe6e1e023befe9dffaa9f9a6ab321eae907261b69e52e704 |
| container-native-virtualization/kubemacpool-rhel9@sha256:bad56e671cf0e8989ebdb03990e8bdf8cfd0a9c5d8ad59b345a2e4054af9872c |
| container-native-virtualization/kubesecondarydns-rhel9@sha256:6ed0f7a37463bf4b04ff1aa1179ba15a162e89632e95fd7c9568e66b0713c097 |
| container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:22129b7ccb8d2a61c1e88904163f5788a2c8d4b1f7e7f113db84ded01110099b |
| container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:09f10484a4ccf604bbb7b227574a06a2d1ef8867ac0f738d86e7fa396592ad8a |
| container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:ff78eec1b401b2774876de8e2b81041bf72efed4a0040e55e0a1dd0a0f208e7e |
| container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9a4c8a3a9ee70f1338b16995a534a14d54a49b50fc2bf3f80bc2e80139a94c72 |
| container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:5403cff627420f3e28ed16d8e649cfbe6f2cfd6035273a2d45c64eaa92df37c5 |
| container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:c2cd9e91fd4111230399577b39157018d0e78307b0a19d25c9f993047618533e |
| container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template-rhel9@sha256:703e2d48b0f05dcb269fc783c2c943a1a277e6a4c6a5765f5e938e48b3107f3f |
| container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:2c5847c946575c04557f0043ae1f795bb5ca468a58f43680477d426d6a6e4b51 |
| container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep-rhel9@sha256:140a87e54fe84e8865dec46021b6a3c2947636579d5c1dd3a026db185e4ca69c |
| container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:22fd674c44963592323e99f302a6705dc70a163622f5ebd6ce7e1425ea950426 |
| container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:c0cfbbe8e2fbb7355fe1db9a470b9be3dcdb9dcfab5e65fbf8775a5c342826d2 |
| container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:618bfc6f0b27e10a385d500dfac8de0cdee74a52e927988f6705420235b09b3a |
| container-native-virtualization/kubevirt-template-validator-rhel9@sha256:5e20f7ce0de305318a75e9f393fb343153f94f5bd9ce13064625659e44bb3dd1 |
| container-native-virtualization/libguestfs-tools-rhel9@sha256:960c6e2f5e66c343e308428fc8a0cf9c416367c76e7e7f5e1908038f5de60d2f |
| container-native-virtualization/multus-dynamic-networks-rhel9@sha256:fdc817dea9d04e06540231828afa79a2c682719ba44f440a320244068add03c3 |
| container-native-virtualization/ovs-cni-plugin-rhel9@sha256:200c9a8814f73f3a938e84a56cb766b8d96abab0f99ae75a3347d7ef5ea4b9de |
| container-native-virtualization/virt-api-rhel9@sha256:b38a331aae94a6637295970eb4adb856397cc9513a562c37ae0281d660c22802 |
| container-native-virtualization/virt-artifacts-server-rhel9@sha256:d7ac8f7d5b86f44f33af4b8f02676793d2be008b5e4872041d7497f11653f996 |
| container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:d487de62283c6d5dda0aecc32eb7d8b8e7be97db66c3b377642225090826f441 |
| container-native-virtualization/virt-cdi-cloner-rhel9@sha256:0bea72b36d82a21eef6dd8bb717d2a9be1754c7b690a52fd4258b9505d9fc55d |
| container-native-virtualization/virt-cdi-controller-rhel9@sha256:6242870ac677cd81245ecf58a9a04e0bd5134e4ab00d56a3b8076cb6a1b86312 |
| container-native-virtualization/virt-cdi-importer-rhel9@sha256:f870d36731cbfcfe3fb8d3d6e4011180d4c927159177d1b9903371c522868d8b |
| container-native-virtualization/virt-cdi-operator-rhel9@sha256:929c8c45a3b9b4029906689e6d47938760080a5a1a9c9c2eb9190a198159eefb |
| container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:ef6bebbeb328b5205e1c303e0793bb5a77ee599d779e96c43f4390439138189b |
| container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:1f7121396fc25cba0cf938f6f8726f8c2d124a34f9a50d70020aab2c8504b710 |
| container-native-virtualization/virt-controller-rhel9@sha256:26a78321a74f27a1b85e37cf58cf7baa4c4cd53a1858ae6e57442cd0bab2725a |
| container-native-virtualization/virt-exportproxy-rhel9@sha256:91a415042b179d9570f15f520087387ce508ab5c6dc487c684888913cc7bd8b3 |
| container-native-virtualization/virt-exportserver-rhel9@sha256:ca5605391aa958663f25844d0babf6938dd70f3b5d48547b01161ad618765881 |
| container-native-virtualization/virt-handler-rhel9@sha256:6f67e5c7939a95c845f75c103287dcea82a754e9f8d27fc76eca6f0c4a69361d |
| container-native-virtualization/virt-launcher-rhel9@sha256:5e069b798e469eec1d6ad3d1840d15652d5386707ac6518b3adfaa49960188b7 |
| container-native-virtualization/virt-operator-rhel9@sha256:c691ecf79727859ce828381bf023ab49fe74a2443f1039be0580cc4ce0a2702b |
| container-native-virtualization/virtio-win-rhel9@sha256:74a688af8fb2d3395b2067a1d9e89c5cc4674b73834810257fef3186a7e1d428 |
| container-native-virtualization/vm-console-proxy-rhel9@sha256:a29dbeaebe0d993994f0ec247ae08aa8c61b8512b69a439a7b326eb29353a681 |
| container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:ce3b788961434d7b796e1094e430ffdc0a887941a1dfbf1b0d4570d804abc75e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
