- Issued:
- 2024-06-05
- Updated:
- 2024-06-05
RHSA-2024:3621 - Important: Red Hat OpenShift distributed tracing 3.2.0 operator/operand containers update
Synopsis
Important: Red Hat OpenShift distributed tracing 3.2.0 operator/operand containers update
Type/Severity
Security Advisory Important
Topic
Red Hat OpenShift distributed tracing 3.2.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Release of Red Hat OpenShift distributed tracing provides these changes:
Security Fix(es):
- go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)
- golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
- golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
- golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
- golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
- golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
- golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Red Hat OpenShift distributed tracing Release
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift distributed tracing | 3 | x86_64 |
| Red Hat OpenShift distributed tracing for Power, little endian | 3 | ppc64le |
| Red Hat OpenShift distributed tracing for IBM Z and LinuxONE | 3 | s390x |
| Red Hat OpenShift distributed tracing for ARM | 3 | aarch64 |
Fixes
- This content is not included.BZ - 2252012
- This content is not included.BZ - 2268017
- This content is not included.BZ - 2268018
- This content is not included.BZ - 2268019
- This content is not included.BZ - 2268021
- This content is not included.BZ - 2268022
- This content is not included.BZ - 2268046
- This content is not included.BZ - 2268273
- This content is not included.TRACING-3139
- This content is not included.TRACING-3599
- This content is not included.TRACING-3693
- This content is not included.TRACING-3725
- This content is not included.TRACING-3738
- This content is not included.TRACING-3761
- This content is not included.TRACING-3764
- This content is not included.TRACING-3801
- This content is not included.TRACING-3834
- This content is not included.TRACING-3836
- This content is not included.TRACING-3856
- This content is not included.TRACING-3884
- This content is not included.TRACING-3919
- This content is not included.TRACING-3920
- This content is not included.TRACING-3921
- This content is not included.TRACING-3935
- This content is not included.TRACING-3936
- This content is not included.TRACING-3946
- This content is not included.TRACING-3959
- This content is not included.TRACING-3961
- This content is not included.TRACING-3964
- This content is not included.TRACING-3965
- This content is not included.TRACING-3966
- This content is not included.TRACING-3967
- This content is not included.TRACING-3968
- This content is not included.TRACING-3969
- This content is not included.TRACING-3970
- This content is not included.TRACING-3971
- This content is not included.TRACING-3972
- This content is not included.TRACING-3973
- This content is not included.TRACING-3974
- This content is not included.TRACING-3981
- This content is not included.TRACING-4007
- This content is not included.TRACING-4009
- This content is not included.TRACING-4061
- This content is not included.TRACING-4065
- This content is not included.TRACING-4068
- This content is not included.TRACING-4072
- This content is not included.TRACING-4078
- This content is not included.TRACING-4087
- This content is not included.TRACING-4127
CVEs
- CVE-2021-43618
- CVE-2023-6004
- CVE-2023-6918
- CVE-2023-7008
- CVE-2023-45286
- CVE-2023-45288
- CVE-2023-45289
- CVE-2023-45290
- CVE-2024-22365
- CVE-2024-24783
- CVE-2024-24784
- CVE-2024-24785
- CVE-2024-24786
- CVE-2024-26458
- CVE-2024-26461
- CVE-2024-28834
- CVE-2024-33599
- CVE-2024-33600
- CVE-2024-33601
- CVE-2024-33602
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.