Issued:
2024-07-01
Updated:
2024-07-01

RHSA-2024:1616 - Important: Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9

Synopsis

Important: Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9

Type/Severity

Security Advisory Important

Topic

Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Run Once Duration Override Operator for Red Hat OpenShift is an optional operator that makes it possible to override activeDeadlineSeconds field during pod admission.

Security Fix(es):

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
  • golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
  • golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
  • golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Affected Products

ProductVersionArch
Run Once Duration Override Operator1x86_64

Fixes

CVEs

References

Additional information