Issued:: 2025-04-15
Updated:: 2025-04-15

RHSA-2025:3932 - Security Advisory

Overview
Updated Images

Synopsis

Important: Red Hat OpenShift Dev Spaces 3.20.0 release

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Dev Spaces 3.20 has been released.

All containers have been updated to include feature enhancements, bug fixes and CVE fixes.

Description

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

The 3.20 release is based on Eclipse Che 7.100 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.

Users still using the v1 standard should migrate as soon as possible.

https://devfile.io/docs/2.2.0/migrating-to-devfile-v2

Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.

https://access.redhat.com/support/policy/updates/openshift#devspaces

Security Fix(es):

DevSpaces-Operator

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868)
golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)

DevSpaces-Pluginregistry

tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenShift Dev Spaces 3 x86_64

Fixes

BZ - 2348366 - CVE-2025-22868 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
BZ - 2348367 - CVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
BZ - 2355460 - CVE-2024-12905 tar-fs: link following and path traversal via maliciously crafted tar file
CRW-8327 - DS 3.20.0 Overall Epic

CVEs

References

https://access.redhat.com/security/updates/classification/#important

ppc64le

devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be

devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0

devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29

devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3

devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16

devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2

devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d

devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716

devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6

devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040

devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5

devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9

devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017

s390x

devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c

devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0

devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840

devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff

devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9

devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89

devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567

devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324

devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b

devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a

devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89

devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d

devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc

x86_64

devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e

devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9

devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84

devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb

devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3

devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8

devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80

devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162

devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13

devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51

devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20

devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d

devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1

devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Summit and AnsibleFest