Issued:: 2024-10-23
Updated:: 2024-10-23

RHSA-2024:6341 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9

Type/Severity

Security Advisory: Moderate

Topic

Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9

Description

The Kube Descheduler Operator for Red Hat OpenShift is an optional
operator that deploys the descheduler, which is responsible for
evicting pods based on certain strategies.

Security Fix(es):

golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)
net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Affected Products

Kube Descheduler Operator 5 x86_64

Fixes

BZ - 2279814 - CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop
BZ - 2292787 - CVE-2024-24790 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
BZ - 2295310 - CVE-2024-24791 net/http: Denial of service due to improper 100-continue handling in net/http
OCPBUGS-41860 - Enabling thresholdPriority and thresholdPriorityClassName together it does not throw any error in the descheduler operator logs
OCPBUGS-11891 - Descheduling OpenShift Virtualization VMs using LowNodeUtilization results in unstable behavior

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

aarch64

kube-descheduler-operator/descheduler-rhel9@sha256:c8a57d66488a67e545ca81c7db7f25dd0692f0287ea0016d077d99f801c12c5e

kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:3403a591e6685c475fec7b3db90fd5a50408ab77813c208f86f805366a947cf8

kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:85efee7f79f949e9db9f53c28ecbf17ead766c5ac2b015d11d3075f8d16d0985

ppc64le

kube-descheduler-operator/descheduler-rhel9@sha256:619c646df5bb9ba4af1db5456bb14761e73b04c0b55438db0356e398e7b02444

kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:879d7b8d0b6af1738ff891966523122cdfdbf2bc4f4ff137a0eaec0e49651c35

kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:9649e854a0c82f349a8184c48211268f979e6a4b4c795f889335c9e02cfb9c61

s390x

kube-descheduler-operator/descheduler-rhel9@sha256:2e4cc0f9ff5669093baaa4a3449b10dfcf8540ca4121ecf2834a1ec9c21e1ad2

kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:a47ac5afe80a3abcd8f954b5ded6f5bbb636135118f2e8584eeb2b247a82b774

kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:08e3579810c8a63e2b118d3a91712d984da7032968219421a13765daa07d63bb

x86_64

kube-descheduler-operator/descheduler-rhel9@sha256:344d4e941bb5cdefb248a8bb7e0157ed9ee40124398cbbf6248f0bc92adb8b1a

kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:d8ccfec899fbd543a076c28bce386e9ec764bada413350ae53132863ebddaa71

kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:87c28d82c8b95be81b122d18ae05104c262a636bce5e6656b7d553b9dafb080a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation