- Issued: 2024-10-23
- Updated: 2024-10-23
RHSA-2024:6341 - Security Advisory
Synopsis
Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9
Type/Severity
Security Advisory: Moderate
Topic
Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9
Description
The Kube Descheduler Operator for Red Hat OpenShift is an optional
operator that deploys the descheduler, which is responsible for
evicting pods based on certain strategies.
Security Fix(es):
- golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
- golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)
- net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Affected Products
- Kube Descheduler Operator 5 x86_64
Fixes
- BZ - 2279814 - CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop
- BZ - 2292787 - CVE-2024-24790 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
- BZ - 2295310 - CVE-2024-24791 net/http: Denial of service due to improper 100-continue handling in net/http
- OCPBUGS-41860 - Enabling thresholdPriority and thresholdPriorityClassName together it does not throw any error in the descheduler operator logs
- OCPBUGS-11891 - Descheduling OpenShift Virtualization VMs using LowNodeUtilization results in unstable behavior
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.