- Issued: 2024-10-23
- Updated: 2024-10-23
RHSA-2024:6341 - Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9
Synopsis
Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9
Type/Severity
Security Advisory: Moderate
Topic
Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9
Description
The Kube Descheduler Operator for Red Hat OpenShift is an optional operator that deploys the descheduler, which is responsible for evicting pods based on certain strategies.
Security Fix(es):
- golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
- golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)
- net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Kube Descheduler Operator | 5 | x86_64 |
Fixes
- BZ - 2279814
- BZ - 2292787
- BZ - 2295310
- OCPBUGS-41860
- OCPBUGS-11891
CVEs
- CVE-2023-52425
- CVE-2024-2398
- CVE-2024-6232
- CVE-2024-6345
- CVE-2024-6923
- CVE-2024-24788
- CVE-2024-24790
- CVE-2024-24791
- CVE-2024-28757
- CVE-2024-37370
- CVE-2024-37371
- CVE-2024-37891
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.