Red Hat Product Errata RHSA-2024:7074 - Security Advisory
Issued:
2024-09-25
Updated:
2024-09-25

RHSA-2024:7074 - Security Advisory

Synopsis

Moderate: Network Observability 1.6.2 for OpenShift

Type/Severity

Security Advisory: Moderate

Topic

Network Observability 1.6 for Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Network Observability 1.6.2

Security Fix(es):

  • CVE-2024-24791 golang: net/http: Denial of service due to improper 100-continue handling in net/http

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Network Observability (NETOBSERV) 1 for RHEL 9 x86_64
  • Network Observability (NETOBSERV) for ARM 64 1 for RHEL 9 aarch64
  • Network Observability (NETOBSERV) for IBM Power, little endian 1 for RHEL 9 ppc64le
  • Network Observability (NETOBSERV) for IBM Z and LinuxONE 1 for RHEL 9 s390x

Fixes

  • BZ - 2295310 - CVE-2024-24791 net/http: Denial of service due to improper 100-continue handling in net/http
  • NETOBSERV-1737 - consolePlugin fails to get deployed on 4.17 cluster

aarch64

network-observability/network-observability-cli-rhel9@sha256:08061099dd56003eba747caa38833fa8520494c248a63c823177f6c366a88ad6
network-observability/network-observability-console-plugin-rhel9@sha256:7ac532d0e64293c00bd8d6ba5d7f75cff3c7061093012f4083f7aadd2ed15782
network-observability/network-observability-ebpf-agent-rhel9@sha256:4f52e907c14a3240233769df66df8cfaa4af444d7c833b72db0e90752b185082
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:baad5c13f37af2b2982f22e48ee82bac419243bca740e98a9a3ddd9d353405e2
network-observability/network-observability-operator-bundle@sha256:6f26d901829fc91f33fc4f493061a9fb86b95044cd2bd90851a8bbae1daf125c
network-observability/network-observability-rhel9-operator@sha256:59153cd47887ec7a2f381f715a5b85d776f0d1c575a256b1c4446b5fbec51ca5

ppc64le

network-observability/network-observability-cli-rhel9@sha256:4c84586de47f2c4dc60ca83d1d295dc8e903d86e540df358bba198147695efd5
network-observability/network-observability-console-plugin-rhel9@sha256:cc5574259ed4d2402625c3d1d18edccc02a07475ca19111822a84085f86df49a
network-observability/network-observability-ebpf-agent-rhel9@sha256:f13a031065ead5d0fd10ee0496bc8984c51b7589d33e786803918e24695f40b8
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ab8deae54f8209e8bb6824522262edb80a5520a6da7447a75294206684ed9bcf
network-observability/network-observability-operator-bundle@sha256:42427ede975d2cc1f8392b972657e0cf779355fcb820d72af47c81594203d797
network-observability/network-observability-rhel9-operator@sha256:5d51fc74c54f9fb2b0a63022dae91cb9983d5ff1f75a4e5bd64f220f512b86b5

s390x

network-observability/network-observability-cli-rhel9@sha256:fcaa0f8f18af0bbe3594ce1b1751aa5d02d1b595c5545dec4d604bd71a2aa631
network-observability/network-observability-console-plugin-rhel9@sha256:bb6affd3b2483cc8bbab5f191f4fef9cd50363643a2d83cfd5b598fd05b87c7b
network-observability/network-observability-ebpf-agent-rhel9@sha256:e674e1a658c750003cdfb770448ea970e5a3007c8f6d15ca5c009435bd593454
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:f2f8448377cada16794e49dcb5454c99cc30afcb0d230c7ac536b33144f9835e
network-observability/network-observability-operator-bundle@sha256:ae97dd20d081d857eaf73746dbe84fb1aae87fe62e2c21cbf130628b874699c9
network-observability/network-observability-rhel9-operator@sha256:cbafe19cf76b1e3f6ccc143090239e54592e7152b39b1ae4a7d817078457f392

x86_64

network-observability/network-observability-cli-rhel9@sha256:475787c23c73a94e4f7f4e8cd04a29f792ff2266f5f70bd92e684fccb2d4b36e
network-observability/network-observability-console-plugin-rhel9@sha256:f70153cd4f9dc1b56f379e03e7b90d198617789581106d5eff69930e00d73f10
network-observability/network-observability-ebpf-agent-rhel9@sha256:591c264a688a7f02e325d509be7e8f234825c0c31630aff0773981f98c6dcefb
network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:94aaf6b8f8bbee82a632a2f45efd9fbd7d5a62cffa54dde712f291ca48a3c33c
network-observability/network-observability-operator-bundle@sha256:f660759b145bd0053ac756def298ae9a3727d84685dc06cd3ee9bbbaaa68971a
network-observability/network-observability-rhel9-operator@sha256:dfd7eaa7057c5962c2ef8447246a86c04d8a9ba1742db8bbc03cf11a720b4cc4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.