Red Hat Product Errata RHSA-2025:0323 - Security Advisory
Issued:
2025-01-15
Updated:
2025-01-15

RHSA-2025:0323 - Security Advisory

Synopsis

Moderate: Red Hat OpenShift Data Foundation 4.14.13 Bug Fix Update

Type/Severity

Security Advisory: Moderate

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.13 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

Security Fix(es) from Bugzilla:

  • tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
  • css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
  • webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
  • path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
  • express: Improper Input Handling in Express Redirects (CVE-2024-43796)
  • send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
  • serve-static: Improper Sanitization in serve-static (CVE-2024-43800)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x
  • Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64

Fixes

  • BZ - 2219310 - CVE-2023-26136 tough-cookie: prototype pollution in cookie memstore
  • BZ - 2250364 - CVE-2023-26364 css-tools: Improper Input Validation causes Denial of Service via Regular Expression
  • BZ - 2308193 - CVE-2024-43788 webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
  • BZ - 2310908 - CVE-2024-45296 path-to-regexp: Backtracking regular expressions cause ReDoS
  • BZ - 2311152 - CVE-2024-43796 express: Improper Input Handling in Express Redirects
  • BZ - 2311153 - CVE-2024-43799 send: Code Execution Vulnerability in Send Library
  • BZ - 2311154 - CVE-2024-43800 serve-static: Improper Sanitization in serve-static
  • DFBUGS-923 - CVE-2024-45296 odf-console-container: Backtracking regular expressions cause ReDoS [openshift-data-foundation-4.14.z]

aarch64

odf4/mcg-cli-rhel9@sha256:0f8ea96fc58192660d845131c760a258a8e33fc02fc85884aa9be5ea07fd5e26
odf4/mcg-core-rhel9@sha256:8dbb2f97682ab4a0f88e4b63485738f591a002faded8d1e5a01f918abd0a22b5
odf4/mcg-rhel9-operator@sha256:bb82af60a467551305c8628e6c8bac0b0d01637a0fb04b4142e69c90d3003434
odf4/ocs-client-rhel9-operator@sha256:aeabac054147c3be143ddfcc48702332a58d17a31e461c1cf863fa273a5364e0
odf4/ocs-rhel9-operator@sha256:60b08d3094ed01d2e5570973964f08cd9a81c794b1e187d595dc735436004cc2
odf4/odf-csi-addons-rhel9-operator@sha256:3366ad94a8cba707735d4cbbc692221b62a5fbef387edb70e3660f55ae718e7a
odf4/odf-csi-addons-sidecar-rhel9@sha256:4e2db57173669e54f65196c175d5e47e74076d8164f57f90da86fcef8aa92281
odf4/odf-multicluster-rhel9-operator@sha256:59e97364ffd0cf0b64f95cbb65dcfcac7d982bffc98dd87e64a5c0e0d114e36b
odf4/odf-must-gather-rhel9@sha256:722eadfcf62be37bf9d714ac4336440ed98615269423c3ba3b65b70b6c6acd29
odf4/odf-rhel9-operator@sha256:d1c814e55d7f91d8b096bf0983041e678ece0034fb3990630565ae32791d5d7c
odf4/odr-rhel9-operator@sha256:8be0734337b11f5bb35cdbd93dc3b93d37c66770b238bd26de673026ef201e62

ppc64le

odf4/cephcsi-rhel9@sha256:984f5852a4793d9883106ccca492b1daab60d3c85f21ad667f92efbe8e5d1c50
odf4/mcg-cli-rhel9@sha256:a665d06e0ec627db26cf47e0e19a36793f185fbf7dcb2a756983b0c08d041a09
odf4/mcg-core-rhel9@sha256:bc5578e6f07cd0692abd897bf25b99361f1044a10ddcefefae13d3af338b3d58
odf4/mcg-operator-bundle@sha256:a42cd3a47eae7d05c44b438321da63faaee8274e4099171ec30c75005526f05d
odf4/mcg-rhel9-operator@sha256:1e20312fdd047dfd87b67d0bdc6a493df330c58671bcd0e078f22686df4a8d66
odf4/ocs-client-console-rhel9@sha256:3d2aba1307256ae6ee3a2dffaf0d175f7d204f7484712c1ec083d74203de2cb8
odf4/ocs-client-operator-bundle@sha256:3e398e98250d9638c8ad75bf88ae2cb936d499c1ebf0d0cc897ce37fbb25b42b
odf4/ocs-client-rhel9-operator@sha256:12fa0510c846a2f2d7984ab844faf117848aa9b70bf1642e140a20729fea3b4a
odf4/ocs-metrics-exporter-rhel9@sha256:9038bc5b6d2713e79672f2f574ebe849bb15dccc025a38fc2380e443430f05e6
odf4/ocs-operator-bundle@sha256:3d161f9b4d88c502382b32abe4392af4a5b141fa11851f335f32745c090971a5
odf4/ocs-rhel9-operator@sha256:e81785d999d583b8a57e6be3eecc7edfa042552e4ae0c2a18460316a68828fb1
odf4/odf-console-rhel9@sha256:521022da39600a31fd4f1e3f72cfbc5c9315a53de21df57be71a63e4050a4491
odf4/odf-cosi-sidecar-rhel9@sha256:df2648d2c5f839bde961fe8e3badbaf6cf72c7b62c133b1cb27c4ee7e66ac5f0
odf4/odf-csi-addons-operator-bundle@sha256:c4b1229ac6308e623a660b37b3f52870eac8c9566d2068173ffadc52aee8da12
odf4/odf-csi-addons-rhel9-operator@sha256:326cb06c987e275b1c1c7c9fef1e96d343223ee150ed3c58cfc42ccf4765fe03
odf4/odf-csi-addons-sidecar-rhel9@sha256:bac9dfa4b2d31316e0fcabc3e2c87c830c7e410d0b9c0e485ae62ea4da79d2c4
odf4/odf-multicluster-console-rhel9@sha256:68c42668721898d68bc3b255bedca2124dee662626542793c9bfadc520d473c8
odf4/odf-multicluster-operator-bundle@sha256:73448db0de00c6a40ed20d0d167b7e98f89c8e3eebc45f675cc210e27bd95c0c
odf4/odf-multicluster-rhel9-operator@sha256:08bd33241646abb79e57a6de5aac3611f0f3238c11dfa76bd135e8fc745eaf97
odf4/odf-must-gather-rhel9@sha256:a0ef2966b464a5602ab2d936772dc74ca55212a11c0ec0f19db5ff61d66c2980
odf4/odf-operator-bundle@sha256:26459b59f76a3e8cc6fed7907b044921fa61a27d91c3b174ea7f35d120d99a6e
odf4/odf-rhel9-operator@sha256:7609f4687626d3b178e211cc587b642acc688acd17274551bde6828ca5e702e5
odf4/odr-cluster-operator-bundle@sha256:de86c539ff9dfe81d04cecee6fbd6ded1e8b4a3b598d855aa5c6baa98cf10d45
odf4/odr-hub-operator-bundle@sha256:2094cba9cbcf69f44a9176a5f8906f3faa95e0914272922311d0a9a28ca437bf
odf4/odr-rhel9-operator@sha256:06b747af12530dd66554af69f072c35622fb57fbff9094b71dcc379ef13faa71
odf4/rook-ceph-rhel9-operator@sha256:210ff59e38d274b3ad678b826078bdc896cb5f950ad2221724c03bda6939138b

s390x

odf4/cephcsi-rhel9@sha256:08a046ba8c5a9284e7fc9263f51eee40a5203c5d41c25ac2df555694dbd5a395
odf4/mcg-cli-rhel9@sha256:1f9ed27e2bd7b881aa5bc06571cf1cd459d577746e01f388bef01679013958f5
odf4/mcg-core-rhel9@sha256:cf73fc2fa89884542a1f0e333bd9e1dd587a05e86442d67a316cd1c1d26c925d
odf4/mcg-operator-bundle@sha256:a73e671a9db5b88691800cefb2c903e7012499bc857e6cca62af958a35b5eab6
odf4/mcg-rhel9-operator@sha256:0af9a6828abb53c18dae132b6a91862a85b5ad0b3f3ffbded002955af2fd04e2
odf4/ocs-client-console-rhel9@sha256:f5976d4c7303ddb27dd91f33517af1e74cdf42e3539219c30c0c87408a085f95
odf4/ocs-client-operator-bundle@sha256:59921e0c5c495c57a8efd9022b95bf0964fff99ba6f207cd49ed3b0112189f45
odf4/ocs-client-rhel9-operator@sha256:f0fab98314e526b530a06a4859cab011647358ea65827288bd12d97ac1cf6e38
odf4/ocs-metrics-exporter-rhel9@sha256:06c5ad2463ba39e95ad251fd388b2c604deec27da05ef2c4d98952173eb56787
odf4/ocs-operator-bundle@sha256:a967f7349b22cc96c11191bf31c002ef6fec7fd4214398df29ecdb7c72d4718c
odf4/ocs-rhel9-operator@sha256:215778987ac0f6449b168481b84a8b253cd4577711055ca66d259fdbf37e9af9
odf4/odf-console-rhel9@sha256:9c676d4cea288ae80afe61e6c2c2009da9969508aebd8eebce0f21513ba505f9
odf4/odf-cosi-sidecar-rhel9@sha256:7bd34f3be6e5a6e689ede195ef1b29843b5eb0cf839021816c7e57819b0d496e
odf4/odf-csi-addons-operator-bundle@sha256:b16ddba3e229faf0aa5d01f0dd6452872c6a44679a74359979a9c09c595bbcc8
odf4/odf-csi-addons-rhel9-operator@sha256:f3ab303fdafcbef708c92a33ad0775fdae4744735ae600e7aa692e62a7fade10
odf4/odf-csi-addons-sidecar-rhel9@sha256:5d8e98b7f5b07f77e707cf73673dcf4648624da51d34d561d6bdc2b3fde8f541
odf4/odf-multicluster-console-rhel9@sha256:85505b18dc32d34de3f9d6ca779acc84e8c500f106460502597f00fe8626509b
odf4/odf-multicluster-operator-bundle@sha256:389291fcc275966724880ec3f8b6732020027e162e515684e889a76c686d8163
odf4/odf-multicluster-rhel9-operator@sha256:2baf3d66710d7673ea20562912597b058a3d0a9b428bdf1ba792d0624c31f284
odf4/odf-must-gather-rhel9@sha256:d64b01bd4ace2795a62a7bfb2b385930e46f76eb12cede706d10b16ba0707750
odf4/odf-operator-bundle@sha256:b9c877af1b71bf3ec5f6025353c9d9b37e457e120ea0815c9090490a6b2217fd
odf4/odf-rhel9-operator@sha256:4a42286f3a5c31625fe29085c81627325006d6c1b63e8ad3c90b2bfa383b2439
odf4/odr-cluster-operator-bundle@sha256:91bf46b7a774f08aba77f25203cb4bfa2aa44073a50807b942190702c2364eff
odf4/odr-hub-operator-bundle@sha256:14c3b888aff944bafe415da999e6c4d43f830f4ebe7bc1d681f92f0037751687
odf4/odr-rhel9-operator@sha256:6447bd5f6546704b4b8762c8c00dcd27141a0943fea33a02ee621087b4f353cf
odf4/rook-ceph-rhel9-operator@sha256:df1f250b1d40440eb8a5d97f3c2641f01b81d99fd67c42d14c6f89183f5486fd

x86_64

odf4/cephcsi-rhel9@sha256:6b2cb0576d635bfeef719847a6b3a651b5527a0336fe57548ae609025ddb2016
odf4/mcg-cli-rhel9@sha256:e33c0ee4709e501d0a25c9da0089cb28b79ee80d28706465b55b9b17f807d260
odf4/mcg-core-rhel9@sha256:8d8230c10fa25e17fdac866971ecbdcec369e998f4f965eab27abab46d1eaf4d
odf4/mcg-operator-bundle@sha256:f034e4be8b4e4e29ae79b12b800bf9ea682fa006a3ba6e84f42e06167a239750
odf4/mcg-rhel9-operator@sha256:fc98e8793dac5fcdb663967a7fd27c03d4cbb38295a5b1138f30cc1936bec92b
odf4/ocs-client-console-rhel9@sha256:5e05fc58b6b37b6e6f45a0042d3b167760fcc3dd5d14f4620a889d5feb90ae76
odf4/ocs-client-operator-bundle@sha256:23aad767b433979e8465b4420278bf41a729e32530f80ef3bb3e98466afca95f
odf4/ocs-client-rhel9-operator@sha256:afcecc910feb27ffc8c48ce6aa52f2d305fd785b7a31e8d035d14f771f9993ae
odf4/ocs-metrics-exporter-rhel9@sha256:cfbbab395069de17bb86357e54d2a6a89e5fe671b938b7a42e4c8ab1eb951e49
odf4/ocs-operator-bundle@sha256:b2cf0ade1d9c2e16e4fec4e2886691f5e4d95210bdf68377cd22aa6a3bd409d4
odf4/ocs-rhel9-operator@sha256:7c98d7e882e06d09322f9eefcd67a26a9b96e81708a1c2d9095c93e280bee66a
odf4/odf-console-rhel9@sha256:88ddde7411b0ce4b0edd53e0b64c76afa8038fc4a8aa1450220e515759c30036
odf4/odf-cosi-sidecar-rhel9@sha256:cada6c55b8adbafd7238399b13748432b4e2937eb5aa7b1c0d40573983f4b953
odf4/odf-csi-addons-operator-bundle@sha256:ef593bb97792c40a0706924dbfbc9dd0072d0889b92678b8ebaf55227d66f5a4
odf4/odf-csi-addons-rhel9-operator@sha256:ccd9cdb192b4275b9c7bb58b72df90df0ad6ff807e2f00ed04710655042f66d5
odf4/odf-csi-addons-sidecar-rhel9@sha256:09d88b10bd0e674f5d0efae7b6a2d98db7634e2b594a44dbdae35d6a872fb0c0
odf4/odf-multicluster-console-rhel9@sha256:171817821112bd026a41faae5cf98fd06ed5d0cf063d622f24fa695bcb1213b4
odf4/odf-multicluster-operator-bundle@sha256:11968f525a32bdd28d90ecc8b0eb32838c4eab155a77f0453685dc346f5c106d
odf4/odf-multicluster-rhel9-operator@sha256:eb4626677b340ac11237dc9269071732b45642238afb3afdabe7acf535464fda
odf4/odf-must-gather-rhel9@sha256:1318f5f3119a2b9a5b22e7687d3b1d5212394dda2d95b6e02c98b8ffcb87660f
odf4/odf-operator-bundle@sha256:4412748a0cf46c60539a4fefdc8390040a5c61fa8eee6137a8a402dcef9ddb01
odf4/odf-rhel9-operator@sha256:168d1924a17a77cc3a473bf48a90bfd3cb3134d30a667cbbf378fc96b3ad5803
odf4/odr-cluster-operator-bundle@sha256:a79234b0659b2e45b7661a7b86f658dedc01e7b9ff858251a26dab3a42650993
odf4/odr-hub-operator-bundle@sha256:ad8244e09fdbd18c7c9ee1bd398fbb36fbc403fba0e59553d037018351dba05d
odf4/odr-rhel9-operator@sha256:c49b2c30b19d5f0c13782910214819fc1a18b48c0f8a0d3064b2b4af24e1567f
odf4/rook-ceph-rhel9-operator@sha256:057af5f435a7ed786bdca3db5219fc58152dbe4e9afa997b91e5f6e930534025

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.