Red Hat Product Errata RHSA-2024:5547 - Security Advisory
Issued:
2024-08-19
Updated:
2024-08-19

RHSA-2024:5547 - Security Advisory

Synopsis

Important: Red Hat OpenShift Data Foundation 4.16.1 bug fix and security update

Type/Severity

Security Advisory: Important

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.1 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

Security Fix(es):

  • golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
  • golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)
  • go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)
  • nodejs-ws: denial of service when handling a request with many HTTP headers (CVE-2024-37890)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x
  • Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64

Fixes

  • BZ - 2231151 - [perf] nfs-ganesha container OOM killed during perf testing
  • BZ - 2274165 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=2292372] [GSS] ODF 4.14 Ceph MGR crashing after installation ImportError: Module not found
  • BZ - 2279814 - CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop
  • BZ - 2292777 - CVE-2024-37890 nodejs-ws: denial of service when handling a request with many HTTP headers
  • BZ - 2292787 - CVE-2024-24790 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
  • BZ - 2294000 - CVE-2024-6104 go-retryablehttp: url might write sensitive information to log file
  • BZ - 2294407 - consume ibm-storage-odf-operator.v1.5.0 instead of ibm-storage-odf-operator.v1.4.1
  • BZ - 2297946 - update console API from v1alpha1 to v1
  • BZ - 2298656 - [Critical] Upgrade ceph version to RHCEPH-7.1z1 at ODF-4.16.1
  • BZ - 2298718 - [cloned] update console API from v1alpha1 to v1
  • BZ - 2299443 - OCS client operator running in non - provider mode need to be disabled
  • BZ - 2301880 - ocs-operator should export info that it is running in provider mode
  • BZ - 2302238 - Enable upgrade from 4.15 to 4.16.1
  • BZ - 2303080 - The default cephblockpool, cephfilesystem and cephobjectstore.rgw pools are created with a single PGs (pg_num 1 pgp_num 1)

aarch64

odf4/mcg-core-rhel9@sha256:b4e552db7dcd293fa421aa6ee9c6e91198c6be6dea70addcbd6c12687509631a
odf4/mcg-rhel9-operator@sha256:aab65b61fca5ff87dfdad973928df8c22c6231c14b838063bd2d44e4f16fe744
odf4/ocs-client-rhel9-operator@sha256:d19019a22f7611ce91c582c3294693eef2cdeefccb72f230f8e37ff111272c53
odf4/ocs-rhel9-operator@sha256:89fc88d2d80afd98ae222faae7bcde0088c236bc78dc7106c6752ebd6b22b678
odf4/odf-cli-rhel9@sha256:10e2fb7e9f301570b64b0332a98a590702dc3a88eeebf59c72bd194c88725011
odf4/odf-csi-addons-rhel9-operator@sha256:62c08cc5494bdb99f6aec1e9127747b64665889328b5203838ec772baa2e1a6c
odf4/odf-csi-addons-sidecar-rhel9@sha256:63c03249589cf2f5f870c646b780a5210cd639fb001b54662f7c578c374fb313
odf4/odf-multicluster-rhel9-operator@sha256:c03b89f953f3f22a57f241a78ef14cea1c463828e6c8a40f0d4d1373febd9bd9
odf4/odf-must-gather-rhel9@sha256:f073748405916c49c3c32918f7b95445dce54782b216f547da5d450190375bfb
odf4/odf-rhel9-operator@sha256:ee387d969e557da7dcb01221d54e09bdc30d8a09fa0a18286c323de0b372c0a6
odf4/odr-rhel9-operator@sha256:9bede4592dac7976c5e4eedb00f183ee1553e3f64a5a644098d32b47ae5d5c62

ppc64le

odf4/cephcsi-rhel9@sha256:1fd2db3d141cc063c6557000c8b1be2425712dc4262240c3c9195d8980772191
odf4/mcg-core-rhel9@sha256:bae697a9acabba4a6ef4b4a16ecb17e102bb4bb8b1c05f93a806701c055bc3eb
odf4/mcg-operator-bundle@sha256:833c743bef3449dce3c0521590dfbe5e07105dece7f6c8e08dc4d1d402905d7b
odf4/mcg-rhel9-operator@sha256:d817e724ace3b1b6e05614499c0cb635b567dcbbc71f619d6f41cb85c4b34744
odf4/ocs-client-console-rhel9@sha256:6f71bd3411a04389d302e863acd5351e753b614f4f077aee0274056ce23739b4
odf4/ocs-client-operator-bundle@sha256:be27d3e25035448bcaa691658adeebeacf582d8f19db3e997caab33cf6e8732e
odf4/ocs-client-rhel9-operator@sha256:95faa45331614593c4b6e3994656d7fde32476598ef46ec0b9cff5be02483b90
odf4/ocs-metrics-exporter-rhel9@sha256:8e9371822e053e7a29cd87853feef39ffa782a626a2bd895a7fb506362d70561
odf4/ocs-operator-bundle@sha256:748d2241aa0c3fda48079434de8f2938013853a492f96a3d83dbc6ea3f977189
odf4/ocs-rhel9-operator@sha256:2cd2d4df67b9987d5b03f101f21d8ec543c54c80453f63ffe0c9992de51fb31b
odf4/odf-cli-rhel9@sha256:091456b9e9b39855047c5ce8320279a01c13b24dd50f6fb9fd260b4cbef09419
odf4/odf-console-rhel9@sha256:044b361bcf5b0d620341c54c2cb231e10b989813a2fd623a1547448b4993135e
odf4/odf-cosi-sidecar-rhel9@sha256:5019b0d3275597287b4a03f643980928792d2ec7ce8375ceb61b2950d4b6264f
odf4/odf-csi-addons-operator-bundle@sha256:3aff54b2c780272a3a72826a8f108407c46a6baf9d5695dfe015830d3c839923
odf4/odf-csi-addons-rhel9-operator@sha256:c3d4b853eb155443081d228bf19fe1354907d607c400a2154f8eef375fd104d2
odf4/odf-csi-addons-sidecar-rhel9@sha256:f0139a2bc50f5648d778fa235cb56fb0a8cbb7c6c2f479766196a58289319a59
odf4/odf-multicluster-console-rhel9@sha256:6f3ad3936d057e0ffada026ea9940ff617b4ce4ee9f95188c4fe910d587cd91a
odf4/odf-multicluster-operator-bundle@sha256:9de2f1d40808aa283f1cba24bb4c0a75240a1602bcd2ed86e7f3b4f3815c4af8
odf4/odf-multicluster-rhel9-operator@sha256:6e4015d0e3c292554944cb03c9cebff4f48ef3e2d8cef026aa11ca3fe9bf036d
odf4/odf-must-gather-rhel9@sha256:41c93c132be814679f8d314ec58580184ca339fca478acc556700f57432950c6
odf4/odf-operator-bundle@sha256:f67b0a900630db2210065cbf1aeab14d12a13070d8585a2e65a1d29b89529b2c
odf4/odf-prometheus-operator-bundle@sha256:e92d7d74389200c8b99a15f8ef26e6f200d1b6a3d83fd05512a561877fa711d2
odf4/odf-rhel9-operator@sha256:e7729f564d90aad4251e5d3ad4fd16c47fb7f9131b80e19783d7a8165b00edd7
odf4/odr-cluster-operator-bundle@sha256:7541142b3bfc75c4b77af0c0a030af176c2950abfe184baf13661ab5cd46d0ef
odf4/odr-hub-operator-bundle@sha256:5181636b5baec86e70fb99c1bc85c5be3cb0f04eabec4ea1b1e641535b351254
odf4/odr-recipe-operator-bundle@sha256:25b4e308664bc79e2fd2f8cb3164d0783a138a0e9c50ab7ae4e56ab2c81661ce
odf4/odr-rhel9-operator@sha256:d7f7e96d499d455be312cbbe5ca3b9fdd908c0b5f32bf9084485b187d011468b
odf4/rook-ceph-operator-bundle@sha256:36263cf26f4b46ec367fda44585e9d9b777179e39e596a2a9a6d80c16a810560
odf4/rook-ceph-rhel9-operator@sha256:2266033ffe27d8fdf9400cabb687b1eaa270c4413cc578742677a355bc48bb3f

s390x

odf4/cephcsi-rhel9@sha256:cbe15eaab7f10fe9b4c9bfa6e3d1f0351d8cbbc27d5d96627e11e9c861da29d9
odf4/mcg-core-rhel9@sha256:d293b85fa2d8a749f802ddba16f4f6ed3dff5c8d7b0b1cb56527401da37772b4
odf4/mcg-operator-bundle@sha256:0321e7c87a5a64fa0936584badd2848e79c0071800f596b7d177fcc68553bd22
odf4/mcg-rhel9-operator@sha256:3ef8732d07e7a5ce8d8decdf01c46924f93c552e82d7805a251bfe368b62c6de
odf4/ocs-client-console-rhel9@sha256:7f6c46935a8eab7e09333068aed758aa275b9d5fd7282f15b5fd85070fe28875
odf4/ocs-client-operator-bundle@sha256:8129b7ae939cffb029ac10631d29c6ea081928c4f42ee7ba7de91f3a6f6bf7ef
odf4/ocs-client-rhel9-operator@sha256:09456ceabf9dd2f05837d65632a920f537e36695e7342ae70f20c363284859ec
odf4/ocs-metrics-exporter-rhel9@sha256:e0f9bc46a2c99eedadeac36117081f1d0e1cf6c979e1162cb0039540e286fbb0
odf4/ocs-operator-bundle@sha256:ec4ae584df707de94c71a61bb3be58fda42f739eebc564855feff87126aa21a0
odf4/ocs-rhel9-operator@sha256:c140ed81d2fb76971ef12534a1360b869f036f87d94b4a843770366a469847af
odf4/odf-cli-rhel9@sha256:9b5f8076b5e6c1db98ad72c8787b08b12ecd42a1bf7feada78b3f28dc15c40cb
odf4/odf-console-rhel9@sha256:43f56e9a6e4dcd6a671fb77ab57f6dd39e3a7975824e02780ddf69191f00a014
odf4/odf-cosi-sidecar-rhel9@sha256:de8ae72cf2b6bcf851a79e82d25504ca68431a5e2a77ea7140f76c57cf72e8f5
odf4/odf-csi-addons-operator-bundle@sha256:faefc8cc0c5af0e83f5dec570a290ff512fb6d3f956fc0453a9754baaee5571e
odf4/odf-csi-addons-rhel9-operator@sha256:8b9b293463f18fd6786c77de8e9a9958cfd416f75136d1d9ec17cd01ac4ba39d
odf4/odf-csi-addons-sidecar-rhel9@sha256:0d970bcfa5bd479eaa979a079da6847ca3180ef85a364cc76623ea5553a16471
odf4/odf-multicluster-console-rhel9@sha256:05c3b02e9071d837bfbadfc9c9fd4d4a2a2e165138efcfee0040f7d293bd5b73
odf4/odf-multicluster-operator-bundle@sha256:33150f654b436240a720f25aa6061c84a3acf71fedf78544c027c1873f5de8ad
odf4/odf-multicluster-rhel9-operator@sha256:7d2e92b9644ea87a63f180d5df94a90dda73877edec4382046424260749d4c8f
odf4/odf-must-gather-rhel9@sha256:f5d1f5027a5485e2432eabdee72fbf636b00e25eee3704aa37ea5b07ff6a20a1
odf4/odf-operator-bundle@sha256:8fdd6f5608b742ee31926cfa9e2f7e295be4a9931d757c7693f98a7d5d4478a3
odf4/odf-prometheus-operator-bundle@sha256:6e165539443c883df627d1d3a067c2015ab4b8c92636f0eaa03ab704338cde84
odf4/odf-rhel9-operator@sha256:0a57f08a5871b21ea226a42411c422acd5e4dd01a8d2966fcfdaf538ec36145d
odf4/odr-cluster-operator-bundle@sha256:7e1eb3a5aacfb9857628c5cb8c6aa3497ecbbf57fd20d2fc075bed7c46a4d374
odf4/odr-hub-operator-bundle@sha256:9930309a4b39177c64e59e80d38b335a56707b555735cfb300a7427e884041c5
odf4/odr-recipe-operator-bundle@sha256:ae49eac8ca8c9d7d4f56a87e58725de23f1d1f9779a4d87dd357b09ef43e30a5
odf4/odr-rhel9-operator@sha256:cb972df19c908be774dab768adaad68e7f77e91a090268f87dd9357fda94f4e6
odf4/rook-ceph-operator-bundle@sha256:df2bc89fc87efd94ba809e961262574a2a6032f9dcb26149480cdd4505864a6a
odf4/rook-ceph-rhel9-operator@sha256:a5712cee59edac6e8be064660ec7f8920169e728250a891d8437c9a8838f09d5

x86_64

odf4/cephcsi-rhel9@sha256:d4177d019b86fec5610d852b8b90e6464190969e75de9172f2f252c26076d40d
odf4/mcg-core-rhel9@sha256:52b894a194732eac846c63a3669b128d6505b8b944c60cf1ee07c7daa201c9c3
odf4/mcg-operator-bundle@sha256:3d8a3e1cbf57c99a46d0901a1eb6f00f7a957b90a7868d394785e446f643c5ca
odf4/mcg-rhel9-operator@sha256:7ad5dc366963e89022aacc0f8be37d16b0e63dde3ffc7dc49805c300ee61c496
odf4/ocs-client-console-rhel9@sha256:773c39dc89b6b4cc82e4c78f50d4fb16bd70b611efcb65ea4b767d98fea4f7e3
odf4/ocs-client-operator-bundle@sha256:ce6105258794e33e5a805a95c21e9f553922e1753076345aedcc9174fa4f7d5b
odf4/ocs-client-rhel9-operator@sha256:fdd7c5a2cd69132f5caf4974ed27d49f78f49208ecdedec86d84b7fbdd306994
odf4/ocs-metrics-exporter-rhel9@sha256:2b0078eb2656243a6d91445c2c23a40af9fb2607f107edd5d557e928518211ce
odf4/ocs-operator-bundle@sha256:3d21dd55a83990ef51325c636c0a613ee5050a4b8b2708bc1bb1d8de1792166b
odf4/ocs-rhel9-operator@sha256:b8ff70b7eef2a44b5d13906520b93fa78e1fa18ebe2bb28ed0c77dd0d48655a7
odf4/odf-cli-rhel9@sha256:8f3c4e1e314ba6f7dac92607f423c44063ccc7fc47a3289f8608e1dc291d09f1
odf4/odf-console-rhel9@sha256:502f89052820047914291c9e0e1d32e5ac20c8a636e36cbf2c130762a2eeb986
odf4/odf-cosi-sidecar-rhel9@sha256:ffc67cb8919aa9bc473873e06b4dab344b25191a27be05adc5035fee71860098
odf4/odf-csi-addons-operator-bundle@sha256:ecc29880c89cb5c85e6e58a0f3e8df813bf2320cba98b5f8d71ba847fa16c74e
odf4/odf-csi-addons-rhel9-operator@sha256:5ba373175faf5e0b6300c99b19ac78da68fd8afe68a06abe644a2e2b372780d2
odf4/odf-csi-addons-sidecar-rhel9@sha256:dba89ebb9208e7c32c4801e2b9496a49d2cfcddd9f19b3617e864a1a72237910
odf4/odf-multicluster-console-rhel9@sha256:16ee0717876873aac106d8f42312edc2dbffe36ee258e3e83ac2347538f23e59
odf4/odf-multicluster-operator-bundle@sha256:280f33301ebc9fdcbc7eda72e31188f9b25cc32de5737115bd033bfafa1062de
odf4/odf-multicluster-rhel9-operator@sha256:4b84738510cde9310c3ac39ad26593275c476cf397e4814289ee7b9f1707ec37
odf4/odf-must-gather-rhel9@sha256:ecd0d536e9d2fd3be8a6ba4fcfce28c5b7f85bd9bcba79035c0093d742fee3e8
odf4/odf-operator-bundle@sha256:37491837de2c3415489fbd8ad1d6024870c4b198f4061192b7a1a652e0db0d54
odf4/odf-prometheus-operator-bundle@sha256:5d9dc6a193e2aca2a570ef2dbe7b745435e4434e1ac4cbf80eb1985484b9911c
odf4/odf-rhel9-operator@sha256:c4dd62904288ad05de37ebd4341f090abb1bdd6bd459fde2f5f8b81007c53b72
odf4/odr-cluster-operator-bundle@sha256:a06d3da1fbd2fd8e793f5aa308ecee42d6d2c682e0dff190b3f7fc71fdf486a2
odf4/odr-hub-operator-bundle@sha256:90c0ebeaf2280e8a5cf03bf6bae52b9b54920f3584ae99babd2b51d1dd2e973d
odf4/odr-recipe-operator-bundle@sha256:e1597771478a328212df8f49b02ea1a4a22a9f85ba6dbb2248a4ea8a6a5745a2
odf4/odr-rhel9-operator@sha256:effdbb4f18db583c8502caf0c878051c45c6d375d6bd1fddb0a4dff076216200
odf4/rook-ceph-operator-bundle@sha256:1c15eb62c937ef2c21fa002547d9ffe999a462eb549485396968f91470772e14
odf4/rook-ceph-rhel9-operator@sha256:2a5989590eb30689fdec4c533045cdc78af7fb43ec0ace8740b4903e71aa1032

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.