Red Hat Product Errata RHSA-2025:0082 - Security Advisory

Issued: 2025-01-08
Updated: 2025-01-08

Synopsis

Important: Red Hat OpenShift Data Foundation 4.16.5 Bug Fix Update

Type/Severity

Security Advisory: Important

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.5 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. It provides highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

Security Fix(es) from Bugzilla:

  • dompurify: DOMPurify vulnerable to tampering by prototype pollution (CVE-2024-48910)
  • tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
  • css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
  • net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
  • path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
  • express: Improper Input Handling in Express Redirects (CVE-2024-43796)
  • send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
  • serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
  • nanoid: nanoid mishandles non-integer values (CVE-2024-55565)
  • cross-spawn: regular expression denial of service (CVE-2024-21538)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x
  • Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64

Fixes

  • BZ - 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
  • BZ - 2250364 - CVE-2023-26364 css-tools: Improper Input Validation causes Denial of Service via Regular Expression
  • BZ - 2295310 - CVE-2024-24791 net/http: Denial of service due to improper 100-continue handling in net/http
  • BZ - 2310908 - CVE-2024-45296 path-to-regexp: Backtracking regular expressions cause ReDoS
  • BZ - 2311152 - CVE-2024-43796 express: Improper Input Handling in Express Redirects
  • BZ - 2311153 - CVE-2024-43799 send: Code Execution Vulnerability in Send Library
  • BZ - 2311154 - CVE-2024-43800 serve-static: Improper Sanitization in serve-static
  • BZ - 2322949 - CVE-2024-48910 dompurify: DOMPurify vulnerable to tampering by prototype pollution
  • BZ - 2324550 - CVE-2024-21538 cross-spawn: regular expression denial of service
  • BZ - 2331063 - CVE-2024-55565 nanoid: nanoid mishandles non-integer values

CVEs

  • CVE-2023-26136
  • CVE-2023-26364
  • CVE-2024-9287
  • CVE-2024-11168
  • CVE-2024-21538
  • CVE-2024-24791
  • CVE-2024-43796
  • CVE-2024-43799
  • CVE-2024-43800
  • CVE-2024-45296
  • CVE-2024-48910
  • CVE-2024-55565

References

  • https://access.redhat.com/security/updates/classification/#important

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
