Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-27664
Vulnerability from cvelistv5
Published
2022-09-06 17:29
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:32:59.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "name": "FEDORA-2022-67ec8c61d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/" }, { "name": "FEDORA-2022-45097317b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220923-0004/" }, { "name": "GLSA-202209-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-26" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:06:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "name": "FEDORA-2022-67ec8c61d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/" }, { "name": "FEDORA-2022-45097317b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220923-0004/" }, { "name": "GLSA-202209-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-26" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-27664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce" }, { "name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", "refsource": "CONFIRM", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "name": "FEDORA-2022-67ec8c61d0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/" }, { "name": "FEDORA-2022-45097317b4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/" }, { "name": "https://security.netapp.com/advisory/ntap-20220923-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220923-0004/" }, { "name": "GLSA-202209-26", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-26" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27664", "datePublished": "2022-09-06T17:29:08", "dateReserved": "2022-03-23T00:00:00", "dateUpdated": "2024-08-03T05:32:59.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-27664\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-09-06T18:15:12.747\",\"lastModified\":\"2024-11-21T06:56:07.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.\"},{\"lang\":\"es\",\"value\":\"En net/http en Go versiones anteriores a 1.18.6 y 1.19.x anteriores a 1.19.1, los atacantes pueden causar una denegaci\u00f3n de servicio porque una conexi\u00f3n HTTP/2 puede colgarse durante el cierre si el apagado fue adelantado por un error fatal.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.6\",\"matchCriteriaId\":\"5FD1F793-7C7B-454B-BD2D-CE56C91E8573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6173F8B9-F925-4166-9D3A-6793082D6A6F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2023_0584
Vulnerability from csaf_redhat
Published
2023-05-18 14:27
Modified
2025-01-06 19:23
Summary
Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Notes
Topic
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1
Security Fix(es):
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.1\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.1\n\nSecurity Fix(es):\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0584", "url": "https://access.redhat.com/errata/RHSA-2023:0584" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "2178488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488" }, { "category": "external", "summary": "2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "WRKLDS-653", "url": "https://issues.redhat.com/browse/WRKLDS-653" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0584.json" } ], "title": "Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update", "tracking": { "current_release_date": "2025-01-06T19:23:47+00:00", "generator": { "date": "2025-01-06T19:23:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2023:0584", "initial_release_date": "2023-05-18T14:27:34+00:00", "revision_history": [ { "date": "2023-05-18T14:27:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-05-18T14:27:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T19:23:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OSSO 1.1 for RHEL 8", "product": { "name": "OSSO 1.1 for RHEL 8", "product_id": "8Base-OSSO-1.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8" } } } ], "category": "product_family", "name": "Openshift Secondary Scheduler Operator" }, { "branches": [ { "category": "product_version", "name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "product": { "name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "product_identification_helper": { "purl": "pkg:oci/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle\u0026tag=v1.1-26" } } }, { "category": "product_version", "name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64", "product": { "name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64", "product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64", "product_identification_helper": { "purl": "pkg:oci/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8\u0026tag=v1.1-26" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 as a component of OSSO 1.1 for RHEL 8", "product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" }, "product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "relates_to_product_reference": "8Base-OSSO-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 as a component of OSSO 1.1 for RHEL 8", "product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" }, "product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64", "relates_to_product_reference": "8Base-OSSO-1.1" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-32189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2113814" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32189" }, { "category": "external", "summary": "RHBZ#2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189" }, { "category": "external", "summary": "https://go.dev/issue/53871", "url": "https://go.dev/issue/53871" }, { "category": "external", "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU" } ], "release_date": "2022-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service" }, { "cve": "CVE-2022-32190", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124668" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/url: JoinPath does not strip relative path components in all circumstances", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32190" }, { "category": "external", "summary": "RHBZ#2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190" }, { "category": "external", "summary": "https://go.dev/issue/54385", "url": "https://go.dev/issue/54385" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/url: JoinPath does not strip relative path components in all circumstances" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" }, { "cve": "CVE-2022-41717", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-01-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161274" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "title": "Vulnerability summary" }, { "category": "other", "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41717" }, { "category": "external", "summary": "RHBZ#2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717" }, { "category": "external", "summary": "https://go.dev/cl/455635", "url": "https://go.dev/cl/455635" }, { "category": "external", "summary": "https://go.dev/cl/455717", "url": "https://go.dev/cl/455717" }, { "category": "external", "summary": "https://go.dev/issue/56350", "url": "https://go.dev/issue/56350" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-1144", "url": "https://pkg.go.dev/vuln/GO-2022-1144" } ], "release_date": "2022-11-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests" }, { "cve": "CVE-2022-41724", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178492" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: large handshake records may cause panics", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41724" }, { "category": "external", "summary": "RHBZ#2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724" }, { "category": "external", "summary": "https://go.dev/cl/468125", "url": "https://go.dev/cl/468125" }, { "category": "external", "summary": "https://go.dev/issue/58001", "url": "https://go.dev/issue/58001" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1570", "url": "https://pkg.go.dev/vuln/GO-2023-1570" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: large handshake records may cause panics" }, { "cve": "CVE-2022-41725", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178488" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "known_not_affected": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41725" }, { "category": "external", "summary": "RHBZ#2178488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725" }, { "category": "external", "summary": "https://go.dev/cl/468124", "url": "https://go.dev/cl/468124" }, { "category": "external", "summary": "https://go.dev/issue/58006", "url": "https://go.dev/issue/58006" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1569", "url": "https://pkg.go.dev/vuln/GO-2023-1569" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T14:27:34+00:00", "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0584" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64", "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption" } ] }
RHSA-2023:4734
Vulnerability from csaf_redhat
Published
2023-08-30 19:59
Modified
2025-02-07 15:01
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.10 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.10. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:4731
Security Fix(es):
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.10. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:4731\n\nSecurity Fix(es):\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:4734", "url": "https://access.redhat.com/errata/RHSA-2023:4734" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4734.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.13.10 security update", "tracking": { "current_release_date": "2025-02-07T15:01:59+00:00", "generator": { "date": "2025-02-07T15:01:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.3.0" } }, "id": "RHSA-2023:4734", "initial_release_date": "2023-08-30T19:59:47+00:00", "revision_history": [ { "date": "2023-08-30T19:59:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-08-30T19:59:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-07T15:01:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ironic content for Red Hat OpenShift Container Platform 4.13", "product": { "name": "Ironic content for Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-IRONIC-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_ironic:4.13::el9" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.13", "product": { "name": "Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.13::el9" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.13", "product": { "name": "Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.13::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src", "product": { "name": "python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src", "product_id": "python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-ironic-lib@5.4.1-0.20230410165532.b393f4c.el9?arch=src" } } }, { "category": "product_version", "name": "python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src", "product": { "name": "python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src", "product_id": "python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-oslo-messaging@14.1.0-0.20230308164807.9f710ce.el9?arch=src" } } }, { "category": "product_version", "name": "container-selinux-3:2.221.0-1.rhaos4.13.el9.src", "product": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el9.src", "product_id": "container-selinux-3:2.221.0-1.rhaos4.13.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.221.0-1.rhaos4.13.el9?arch=src\u0026epoch=3" } } }, { "category": "product_version", "name": "kernel-0:5.14.0-284.28.1.el9_2.src", "product": { "name": "kernel-0:5.14.0-284.28.1.el9_2.src", "product_id": "kernel-0:5.14.0-284.28.1.el9_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@5.14.0-284.28.1.el9_2?arch=src" } } }, { "category": "product_version", "name": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src", "product": { "name": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src", "product_id": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.28.1.rt14.313.el9_2?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src", "product": { "name": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src", "product_id": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9?arch=src" } } }, { "category": "product_version", "name": "container-selinux-3:2.221.0-1.rhaos4.13.el8.src", "product": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el8.src", "product_id": "container-selinux-3:2.221.0-1.rhaos4.13.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.221.0-1.rhaos4.13.el8?arch=src\u0026epoch=3" } } }, { "category": "product_version", "name": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src", "product": { "name": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src", "product_id": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch", "product": { "name": "python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch", "product_id": "python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-ironic-lib@5.4.1-0.20230410165532.b393f4c.el9?arch=noarch" } } }, { "category": "product_version", "name": "python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "product": { "name": "python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "product_id": "python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-oslo-messaging@14.1.0-0.20230308164807.9f710ce.el9?arch=noarch" } } }, { "category": "product_version", "name": "python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "product": { "name": "python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "product_id": "python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-oslo-messaging-tests@14.1.0-0.20230308164807.9f710ce.el9?arch=noarch" } } }, { "category": "product_version", "name": "container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch", "product": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch", "product_id": "container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.221.0-1.rhaos4.13.el9?arch=noarch\u0026epoch=3" } } }, { "category": "product_version", "name": "kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch", "product": { "name": "kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch", "product_id": "kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-abi-stablelists@5.14.0-284.28.1.el9_2?arch=noarch" } } }, { "category": "product_version", "name": "kernel-doc-0:5.14.0-284.28.1.el9_2.noarch", "product": { "name": "kernel-doc-0:5.14.0-284.28.1.el9_2.noarch", "product_id": "kernel-doc-0:5.14.0-284.28.1.el9_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-doc@5.14.0-284.28.1.el9_2?arch=noarch" } } }, { "category": "product_version", "name": "container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch", "product": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch", "product_id": "container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.221.0-1.rhaos4.13.el8?arch=noarch\u0026epoch=3" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "bpftool-0:7.0.0-284.28.1.el9_2.aarch64", "product": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.aarch64", "product_id": "bpftool-0:7.0.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@7.0.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-devel@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-devel-matched@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-modules@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-modules-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-modules-extra@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-modules-internal@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-modules-partner@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-devel@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-devel-matched@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-modules@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-modules-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-modules-extra@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-modules-internal@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-modules-partner@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel-matched@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-partner@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel-matched@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-core@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-partner@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "perf-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "perf-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "perf-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-perf-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "python3-perf-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "rtla-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "rtla-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "rtla-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rtla@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64", "product": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64", "product_id": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@7.0.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debug-debuginfo@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-64k-debuginfo@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-aarch64@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_id": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@5.14.0-284.28.1.el9_2?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "bpftool-0:7.0.0-284.28.1.el9_2.ppc64le", "product": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.ppc64le", "product_id": "bpftool-0:7.0.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@7.0.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel-matched@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-core@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-partner@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel-matched@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-ipaclones-internal@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-core@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-partner@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "perf-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "perf-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "perf-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "rtla-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "rtla-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "rtla-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rtla@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le", "product": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le", "product_id": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@7.0.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-ppc64le@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_id": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@5.14.0-284.28.1.el9_2?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "bpftool-0:7.0.0-284.28.1.el9_2.x86_64", "product": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.x86_64", "product_id": "bpftool-0:7.0.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@7.0.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-core-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel-matched@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-core@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-partner@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-uki-virt@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel-matched@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-ipaclones-internal@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-core@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-partner@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-uki-virt@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "perf-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "perf-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "python3-perf-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "rtla-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "rtla-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "rtla-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rtla@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64", "product": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64", "product_id": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@7.0.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_id": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@5.14.0-284.28.1.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel-matched@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-core@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-internal@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-partner@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel-matched@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-core@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-internal@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-partner@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-selftests-internal@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-284.28.1.rt14.313.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "product_id": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "bpftool-0:7.0.0-284.28.1.el9_2.s390x", "product": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.s390x", "product_id": "bpftool-0:7.0.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@7.0.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-core-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-core-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel-matched@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-core@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-partner@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-devel-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel-matched@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-headers-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-modules-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-core@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-partner@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-tools-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-core@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-devel@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-devel-matched@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-core@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-extra@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-internal@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-partner@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "perf-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "perf-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "perf-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "python3-perf-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "python3-perf-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "rtla-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "rtla-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "rtla-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rtla@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x", "product": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x", "product_id": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@7.0.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-s390x@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-debuginfo@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_id": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@5.14.0-284.28.1.el9_2?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x", "product": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x", "product_id": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch" }, "product_reference": "container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el8.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.src" }, "product_reference": "container-selinux-3:2.221.0-1.rhaos4.13.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.aarch64" }, "product_reference": "bpftool-0:7.0.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.ppc64le" }, "product_reference": "bpftool-0:7.0.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.s390x" }, "product_reference": "bpftool-0:7.0.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:7.0.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.x86_64" }, "product_reference": "bpftool-0:7.0.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64" }, "product_reference": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le" }, "product_reference": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x" }, "product_reference": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64" }, "product_reference": "bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch" }, "product_reference": "container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "container-selinux-3:2.221.0-1.rhaos4.13.el9.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.src" }, "product_reference": "container-selinux-3:2.221.0-1.rhaos4.13.el9.src", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:5.14.0-284.28.1.el9_2.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.src" }, "product_reference": "kernel-0:5.14.0-284.28.1.el9_2.src", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch" }, "product_reference": "kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-core-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-core-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-devel-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-doc-0:5.14.0-284.28.1.el9_2.noarch as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-doc-0:5.14.0-284.28.1.el9_2.noarch" }, "product_reference": "kernel-doc-0:5.14.0-284.28.1.el9_2.noarch", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-headers-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-modules-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src" }, "product_reference": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64" }, "product_reference": "kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-tools-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src" }, "product_reference": "openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64" }, "product_reference": "openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64" }, "product_reference": "openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "perf-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "perf-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "perf-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "perf-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "python3-perf-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "python3-perf-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "python3-perf-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "rtla-0:5.14.0-284.28.1.el9_2.aarch64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.aarch64" }, "product_reference": "rtla-0:5.14.0-284.28.1.el9_2.aarch64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "rtla-0:5.14.0-284.28.1.el9_2.ppc64le as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.ppc64le" }, "product_reference": "rtla-0:5.14.0-284.28.1.el9_2.ppc64le", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "rtla-0:5.14.0-284.28.1.el9_2.s390x as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.s390x" }, "product_reference": "rtla-0:5.14.0-284.28.1.el9_2.s390x", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "rtla-0:5.14.0-284.28.1.el9_2.x86_64 as a component of Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.x86_64" }, "product_reference": "rtla-0:5.14.0-284.28.1.el9_2.x86_64", "relates_to_product_reference": "9Base-RHOSE-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src as a component of Ironic content for Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-IRONIC-4.13:python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src" }, "product_reference": "python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src", "relates_to_product_reference": "9Base-RHOSE-IRONIC-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src as a component of Ironic content for Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-IRONIC-4.13:python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src" }, "product_reference": "python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src", "relates_to_product_reference": "9Base-RHOSE-IRONIC-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-IRONIC-4.13:python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch" }, "product_reference": "python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch", "relates_to_product_reference": "9Base-RHOSE-IRONIC-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch" }, "product_reference": "python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "relates_to_product_reference": "9Base-RHOSE-IRONIC-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.13", "product_id": "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch" }, "product_reference": "python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "relates_to_product_reference": "9Base-RHOSE-IRONIC-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch", "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.src", "8Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch", "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.src", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.src", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-doc-0:5.14.0-284.28.1.el9_2.noarch", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src", "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-IRONIC-4.13:python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src", "9Base-RHOSE-IRONIC-4.13:python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src", "9Base-RHOSE-IRONIC-4.13:python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch", "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "8Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "9Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64" ], "known_not_affected": [ "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch", "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.src", "8Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch", "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.src", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.src", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-doc-0:5.14.0-284.28.1.el9_2.noarch", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src", "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-IRONIC-4.13:python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src", "9Base-RHOSE-IRONIC-4.13:python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src", "9Base-RHOSE-IRONIC-4.13:python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch", "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-30T19:59:47+00:00", "details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html", "product_ids": [ "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "8Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "9Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4734" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.noarch", "8Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el8.src", "8Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.src", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.aarch64", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.s390x", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.src", "8Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "8Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el8.x86_64", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.aarch64", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.s390x", "8Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el8.x86_64", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:bpftool-0:7.0.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:bpftool-debuginfo-0:7.0.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.noarch", "9Base-RHOSE-4.13:container-selinux-3:2.221.0-1.rhaos4.13.el9.src", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.src", "9Base-RHOSE-4.13:kernel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-64k-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-64k-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-abi-stablelists-0:5.14.0-284.28.1.el9_2.noarch", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-cross-headers-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debug-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debug-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-debuginfo-common-aarch64-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-debuginfo-common-ppc64le-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-debuginfo-common-s390x-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-debuginfo-common-x86_64-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-devel-matched-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-doc-0:5.14.0-284.28.1.el9_2.noarch", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-headers-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-ipaclones-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-core-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-extra-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-modules-partner-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.src", "9Base-RHOSE-4.13:kernel-rt-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debug-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debuginfo-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-devel-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-devel-matched-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-kvm-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-core-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-extra-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-modules-partner-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-rt-selftests-internal-0:5.14.0-284.28.1.rt14.313.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-selftests-internal-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-tools-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-tools-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-libs-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:kernel-tools-libs-devel-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-uki-virt-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:kernel-zfcpdump-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-devel-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-devel-matched-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-core-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-extra-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-internal-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:kernel-zfcpdump-modules-partner-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:openshift-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.src", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.aarch64", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.ppc64le", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.s390x", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.src", "9Base-RHOSE-4.13:openshift-clients-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "9Base-RHOSE-4.13:openshift-clients-redistributable-0:4.13.0-202308112024.p0.g17b7acc.assembly.stream.el9.x86_64", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.aarch64", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.ppc64le", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.s390x", "9Base-RHOSE-4.13:openshift-hyperkube-0:4.13.0-202308112024.p0.g0ef5eae.assembly.stream.el9.x86_64", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:perf-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:python3-perf-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:python3-perf-debuginfo-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.aarch64", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.ppc64le", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.s390x", "9Base-RHOSE-4.13:rtla-0:5.14.0-284.28.1.el9_2.x86_64", "9Base-RHOSE-IRONIC-4.13:python-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.src", "9Base-RHOSE-IRONIC-4.13:python-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.src", "9Base-RHOSE-IRONIC-4.13:python3-ironic-lib-0:5.4.1-0.20230410165532.b393f4c.el9.noarch", "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-0:14.1.0-0.20230308164807.9f710ce.el9.noarch", "9Base-RHOSE-IRONIC-4.13:python3-oslo-messaging-tests-0:14.1.0-0.20230308164807.9f710ce.el9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" } ] }
rhsa-2023_3642
Vulnerability from csaf_redhat
Published
2023-06-15 15:59
Modified
2025-01-06 19:26
Summary
Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update
Notes
Topic
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.
Security Fix(es):
* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* grafana: stored XSS vulnerability (CVE-2022-31097)
* grafana: OAuth account takeover (CVE-2022-31107)
* ramda: prototype poisoning (CVE-2021-42581)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)
* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* grafana: plugin signature bypass (CVE-2022-31123)
* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)
* grafana: using email as a username can block other users from signing in (CVE-2022-39229)
* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)
* grafana: User enumeration via forget password (CVE-2022-39307)
* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.\n\nSecurity Fix(es):\n\n* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* grafana: stored XSS vulnerability (CVE-2022-31097)\n\n* grafana: OAuth account takeover (CVE-2022-31107)\n\n* ramda: prototype poisoning (CVE-2021-42581)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)\n\n* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* grafana: plugin signature bypass (CVE-2022-31123)\n\n* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)\n\n* grafana: User enumeration via forget password (CVE-2022-39307)\n\n* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3642", "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index" }, { "category": "external", "summary": "2066563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "2082705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705" }, { "category": "external", "summary": "2082706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706" }, { "category": "external", "summary": "2083778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778" }, { "category": "external", "summary": "2084085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085" }, { "category": "external", "summary": "2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "2092793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793" }, { "category": "external", "summary": "2104365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365" }, { "category": "external", "summary": "2104367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367" }, { "category": "external", "summary": "2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "external", "summary": "2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2125514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514" }, { "category": "external", "summary": "2131146", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146" }, { "category": "external", "summary": "2131147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147" }, { "category": "external", "summary": "2131148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148" }, { "category": "external", "summary": "2131149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2138014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014" }, { "category": "external", "summary": "2138015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015" }, { "category": "external", "summary": "2148252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252" }, { "category": "external", "summary": "2149181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181" }, { "category": "external", "summary": "2168965", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168965" }, { "category": "external", "summary": "2174461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174461" }, { "category": "external", "summary": "2174462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174462" }, { "category": "external", "summary": "2186142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186142" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3642.json" } ], "title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update", "tracking": { "current_release_date": "2025-01-06T19:26:59+00:00", "generator": { "date": "2025-01-06T19:26:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2023:3642", "initial_release_date": "2023-06-15T15:59:41+00:00", "revision_history": [ { "date": "2023-06-15T15:59:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-15T15:59:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T19:26:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ceph Storage 6.1 Tools", "product": { "name": "Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools", "product_identification_helper": { "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9" } } } ], "category": "product_family", "name": "Red Hat Ceph Storage" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "product": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "product": { "name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "product_id": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3" } } }, { "category": "product_version", "name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "product": { "name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "product_id": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5" } } }, { "category": "product_version", "name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "product": { "name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "product_id": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "product": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "product": { "name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "product_id": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "product": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "product": { "name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "product_id": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3" } } }, { "category": "product_version", "name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "product": { "name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "product_id": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5" } } }, { "category": "product_version", "name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "product": { "name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "product_id": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "product": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "product": { "name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "product_id": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "product": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "product": { "name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "product_id": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3" } } }, { "category": "product_version", "name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "product": { "name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "product_id": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5" } } }, { "category": "product_version", "name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "product": { "name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "product_id": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "product": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x", "product": { "name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x", "product_id": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x" }, "product_reference": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le" }, "product_reference": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64" }, "product_reference": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64" }, "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x" }, "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" }, "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x" }, "product_reference": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64" }, "product_reference": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le" }, "product_reference": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64" }, "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le" }, "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x" }, "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x" }, "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64" }, "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le" }, "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le" }, "product_reference": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64" }, "product_reference": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" }, "product_reference": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-42581", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-05-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083778" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "ramda: prototype poisoning", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are the application-ui container up to and including RHACM 2.4.4, 2.3.10 and 2.2.13 and grc-ui container up to and including RHACM 2.2.13 versions. However not any RHACM is affected in the kui-web-terminal container as is using already patched and not affected version, therefore we are not impacted in this particular component. In RHACM these components are behind OpenShift OAuth. This restricts access to the vulnerable ramda library to authenticated users only, therefore the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42581" }, { "category": "external", "summary": "RHBZ#2083778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42581", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42581" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581" }, { "category": "external", "summary": "https://github.com/ramda/ramda/pull/3192", "url": "https://github.com/ramda/ramda/pull/3192" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ramda: prototype poisoning" }, { "cve": "CVE-2022-1650", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "discovery_date": "2022-05-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2085307" } ], "notes": [ { "category": "description", "text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.", "title": "Vulnerability description" }, { "category": "summary", "text": "eventsource: Exposure of Sensitive Information", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1650" }, { "category": "external", "summary": "RHBZ#2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1650" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650" }, { "category": "external", "summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", "url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e" } ], "release_date": "2022-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eventsource: Exposure of Sensitive Information" }, { "cve": "CVE-2022-1705", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107374" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: improper sanitization of Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1705" }, { "category": "external", "summary": "RHBZ#2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705" }, { "category": "external", "summary": "https://go.dev/issue/53188", "url": "https://go.dev/issue/53188" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: improper sanitization of Transfer-Encoding header" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "cve": "CVE-2022-21680", "cwe": { "id": "CWE-186", "name": "Overly Restrictive Regular Expression" }, "discovery_date": "2022-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2082705" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "marked: regular expression block.def may lead Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21680" }, { "category": "external", "summary": "RHBZ#2082705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21680", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "marked: regular expression block.def may lead Denial of Service" }, { "cve": "CVE-2022-21681", "cwe": { "id": "CWE-186", "name": "Overly Restrictive Regular Expression" }, "discovery_date": "2022-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2082706" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "marked: regular expression inline.reflinkSearch may lead Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21681" }, { "category": "external", "summary": "RHBZ#2082706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21681", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "marked: regular expression inline.reflinkSearch may lead Denial of Service" }, { "cve": "CVE-2022-23498", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167266" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user\u2019s session.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Use of Cache Containing Sensitive Information", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23498" }, { "category": "external", "summary": "RHBZ#2167266", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167266" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23498", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23498" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8" } ], "release_date": "2023-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "category": "workaround", "details": "To mitigate the vulnerability, disable the data source query caching for all data sources.", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "grafana: Use of Cache Containing Sensitive Information" }, { "cve": "CVE-2022-24675", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077688" } ], "notes": [ { "category": "description", "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/pem: fix stack overflow in Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24675" }, { "category": "external", "summary": "RHBZ#2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/pem: fix stack overflow in Decode" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-26148", "cwe": { "id": "CWE-312", "name": "Cleartext Storage of Sensitive Information" }, "discovery_date": "2022-03-22T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066563" } ], "notes": [ { "category": "description", "text": "A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26148" }, { "category": "external", "summary": "RHBZ#2066563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26148" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148" } ], "release_date": "2022-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-28131", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107390" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28131" }, { "category": "external", "summary": "RHBZ#2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131" }, { "category": "external", "summary": "https://go.dev/issue/53614", "url": "https://go.dev/issue/53614" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip" }, { "cve": "CVE-2022-28327", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077689" } ], "notes": [ { "category": "description", "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: panic caused by oversized scalar", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28327" }, { "category": "external", "summary": "RHBZ#2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: panic caused by oversized scalar" }, { "acknowledgments": [ { "names": [ "Jo\u00ebl G\u00e4hwiler" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-29526", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-05-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2084085" } ], "notes": [ { "category": "description", "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: syscall: faccessat checks wrong group", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29526" }, { "category": "external", "summary": "RHBZ#2084085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" } ], "release_date": "2022-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: syscall: faccessat checks wrong group" }, { "cve": "CVE-2022-30629", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2022-06-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092793" } ], "notes": [ { "category": "description", "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: session tickets lack random ticket_age_add", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30629" }, { "category": "external", "summary": "RHBZ#2092793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg" } ], "release_date": "2022-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: session tickets lack random ticket_age_add" }, { "cve": "CVE-2022-30630", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107371" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: io/fs: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30630" }, { "category": "external", "summary": "RHBZ#2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630" }, { "category": "external", "summary": "https://go.dev/issue/53415", "url": "https://go.dev/issue/53415" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: io/fs: stack exhaustion in Glob" }, { "cve": "CVE-2022-30631", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107342" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: compress/gzip: stack exhaustion in Reader.Read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30631" }, { "category": "external", "summary": "RHBZ#2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631" }, { "category": "external", "summary": "https://go.dev/issue/53168", "url": "https://go.dev/issue/53168" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: compress/gzip: stack exhaustion in Reader.Read" }, { "cve": "CVE-2022-30632", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107386" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: path/filepath: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30632" }, { "category": "external", "summary": "RHBZ#2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632" }, { "category": "external", "summary": "https://go.dev/issue/53416", "url": "https://go.dev/issue/53416" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: path/filepath: stack exhaustion in Glob" }, { "cve": "CVE-2022-30633", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107392" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Unmarshal", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30633" }, { "category": "external", "summary": "RHBZ#2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633" }, { "category": "external", "summary": "https://go.dev/issue/53611", "url": "https://go.dev/issue/53611" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Unmarshal" }, { "cve": "CVE-2022-30635", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107388" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30635" }, { "category": "external", "summary": "RHBZ#2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635" }, { "category": "external", "summary": "https://go.dev/issue/53615", "url": "https://go.dev/issue/53615" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode" }, { "cve": "CVE-2022-31097", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-07-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2104365" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: stored XSS vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31097" }, { "category": "external", "summary": "RHBZ#2104365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31097", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31097" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f" } ], "release_date": "2022-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "category": "workaround", "details": "Disable Unified alerting.\nhttps://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "grafana: stored XSS vulnerability" }, { "acknowledgments": [ { "names": [ "HTTPVoid team" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-31107", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2022-07-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2104367" } ], "notes": [ { "category": "description", "text": "A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: OAuth account takeover", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31107" }, { "category": "external", "summary": "RHBZ#2104367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31107", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31107" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2" } ], "release_date": "2022-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "category": "workaround", "details": "As a workaround, it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "grafana: OAuth account takeover" }, { "cve": "CVE-2022-31123", "discovery_date": "2022-09-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2131147" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: plugin signature bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31123" }, { "category": "external", "summary": "RHBZ#2131147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31123", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31123" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8" } ], "release_date": "2022-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: plugin signature bypass" }, { "cve": "CVE-2022-31130", "discovery_date": "2022-09-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2131146" } ], "notes": [ { "category": "description", "text": "A flaw was found in Grafana\u0027s use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user\u0027s authentication token, which could be used by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31130" }, { "category": "external", "summary": "RHBZ#2131146", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31130", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31130" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130" } ], "release_date": "2022-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins" }, { "cve": "CVE-2022-32148", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107383" } ], "notes": [ { "category": "description", "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32148" }, { "category": "external", "summary": "RHBZ#2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148" }, { "category": "external", "summary": "https://go.dev/issue/53423", "url": "https://go.dev/issue/53423" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working" }, { "cve": "CVE-2022-32189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2113814" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32189" }, { "category": "external", "summary": "RHBZ#2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189" }, { "category": "external", "summary": "https://go.dev/issue/53871", "url": "https://go.dev/issue/53871" }, { "category": "external", "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU" } ], "release_date": "2022-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service" }, { "cve": "CVE-2022-32190", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124668" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/url: JoinPath does not strip relative path components in all circumstances", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32190" }, { "category": "external", "summary": "RHBZ#2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190" }, { "category": "external", "summary": "https://go.dev/issue/54385", "url": "https://go.dev/issue/54385" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/url: JoinPath does not strip relative path components in all circumstances" }, { "cve": "CVE-2022-35957", "cwe": { "id": "CWE-288", "name": "Authentication Bypass Using an Alternate Path or Channel" }, "discovery_date": "2022-09-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2125514" } ], "notes": [ { "category": "description", "text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Escalation from admin to server admin when auth proxy is used", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-35957" }, { "category": "external", "summary": "RHBZ#2125514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35957" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: Escalation from admin to server admin when auth proxy is used" }, { "cve": "CVE-2022-39201", "discovery_date": "2022-09-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2131148" } ], "notes": [ { "category": "description", "text": "A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-39201" }, { "category": "external", "summary": "RHBZ#2131148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39201", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201" } ], "release_date": "2022-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins" }, { "cve": "CVE-2022-39229", "discovery_date": "2022-09-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2131149" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: using email as a username can block other users from signing in", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-39229" }, { "category": "external", "summary": "RHBZ#2131149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39229" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229" } ], "release_date": "2022-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: using email as a username can block other users from signing in" }, { "acknowledgments": [ { "names": [ "Grafana Team" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-39306", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2022-10-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2138014" } ], "notes": [ { "category": "description", "text": "An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: email addresses and usernames cannot be trusted", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-39306" }, { "category": "external", "summary": "RHBZ#2138014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39306", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306" }, { "category": "external", "summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/", "url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" } ], "release_date": "2022-11-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: email addresses and usernames cannot be trusted" }, { "acknowledgments": [ { "names": [ "Grafana Team" ] } ], "cve": "CVE-2022-39307", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-10-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2138015" } ], "notes": [ { "category": "description", "text": "An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: User enumeration via forget password", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-39307" }, { "category": "external", "summary": "RHBZ#2138015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307" }, { "category": "external", "summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/", "url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" } ], "release_date": "2022-11-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: User enumeration via forget password" }, { "acknowledgments": [ { "names": [ "Grafana Security Team" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-39324", "cwe": { "id": "CWE-472", "name": "External Control of Assumed-Immutable Web Parameter" }, "discovery_date": "2022-11-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148252" } ], "notes": [ { "category": "description", "text": "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Spoofing of the originalUrl parameter of snapshots", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-39324" }, { "category": "external", "summary": "RHBZ#2148252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39324", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39324" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324" }, { "category": "external", "summary": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/", "url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/" } ], "release_date": "2023-01-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: Spoofing of the originalUrl parameter of snapshots" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" }, { "cve": "CVE-2022-41912", "cwe": { "id": "CWE-165", "name": "Improper Neutralization of Multiple Internal Special Elements" }, "discovery_date": "2022-11-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2149181" } ], "notes": [ { "category": "description", "text": "An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the Red Hat Advanced Cluster Management for Kubernetes (RHACM) acm-grafana container include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nThe OCP grafana-container includes the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nWhile Red Hat Ceph Storage 4\u0027s grafana-container includes the affected code, this is used for logging and limits access to the rest of the Ceph cluster. Thus the impact has been reduced from critical to important. Red Hat Ceph Storage 3 and 4 do not use crewjam/saml in their version of grafana.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41912" }, { "category": "external", "summary": "RHBZ#2149181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41912", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41912" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912" }, { "category": "external", "summary": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g", "url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T15:59:41+00:00", "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements" } ] }
rhsa-2023:1275
Vulnerability from csaf_redhat
Published
2023-03-15 19:58
Modified
2025-02-07 14:59
Summary
Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update
Notes
Topic
An update for etcd is now available for Red Hat OpenStack Platform.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
etcd is a highly-available key value store for shared configuration.
The following Important impact security fix(es) are applicable to Red Hat OpenStack Platform 17.0 (Wallaby), 16.2 (Train), and 16.1 (Train):
* Improve heuristics preventing CPU/memory abuse by parsing malicious or
large YAML documents (CVE-2022-3064)
As a result of being built by golang 1.18.9, the following Moderate impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
As a result of being built by golang 1.18.9, the following Low impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for etcd is now available for Red Hat OpenStack Platform.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "etcd is a highly-available key value store for shared configuration.\n\nThe following Important impact security fix(es) are applicable to Red Hat OpenStack Platform 17.0 (Wallaby), 16.2 (Train), and 16.1 (Train):\n\n* Improve heuristics preventing CPU/memory abuse by parsing malicious or\nlarge YAML documents (CVE-2022-3064)\n\nAs a result of being built by golang 1.18.9, the following Moderate impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nAs a result of being built by golang 1.18.9, the following Low impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1275", "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2092793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793" }, { "category": "external", "summary": "2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "2163037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1275.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update", "tracking": { "current_release_date": "2025-02-07T14:59:54+00:00", "generator": { "date": "2025-02-07T14:59:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.3.0" } }, "id": "RHSA-2023:1275", "initial_release_date": "2023-03-15T19:58:09+00:00", "revision_history": [ { "date": "2023-03-15T19:58:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-15T19:58:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-07T14:59:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenStack Platform 16.1", "product": { "name": "Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:16.1::el8" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform 16.2", "product": { "name": "Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:16.2::el8" } } } ], "category": "product_family", "name": "Red Hat OpenStack Platform" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-12.el8ost.src", "product": { "name": "etcd-0:3.3.23-12.el8ost.src", "product_id": "etcd-0:3.3.23-12.el8ost.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-12.el8ost.x86_64", "product": { "name": "etcd-0:3.3.23-12.el8ost.x86_64", "product_id": "etcd-0:3.3.23-12.el8ost.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=x86_64" } } }, { "category": "product_version", "name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "product": { "name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "product_id": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-12.el8ost?arch=x86_64" } } }, { "category": "product_version", "name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "product": { "name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "product_id": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-12.el8ost?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-12.el8ost.ppc64le", "product": { "name": "etcd-0:3.3.23-12.el8ost.ppc64le", "product_id": "etcd-0:3.3.23-12.el8ost.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=ppc64le" } } }, { "category": "product_version", "name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "product": { "name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "product_id": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-12.el8ost?arch=ppc64le" } } }, { "category": "product_version", "name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "product": { "name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "product_id": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-12.el8ost?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le" }, "product_reference": "etcd-0:3.3.23-12.el8ost.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-12.el8ost.src as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src" }, "product_reference": "etcd-0:3.3.23-12.el8ost.src", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64" }, "product_reference": "etcd-0:3.3.23-12.el8ost.x86_64", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le" }, "product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64" }, "product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le" }, "product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" }, "product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le" }, "product_reference": "etcd-0:3.3.23-12.el8ost.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-12.el8ost.src as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src" }, "product_reference": "etcd-0:3.3.23-12.el8ost.src", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64" }, "product_reference": "etcd-0:3.3.23-12.el8ost.x86_64", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le" }, "product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64" }, "product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le" }, "product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" }, "product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "relates_to_product_reference": "8Base-RHOS-16.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-1705", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107374" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: improper sanitization of Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1705" }, { "category": "external", "summary": "RHBZ#2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705" }, { "category": "external", "summary": "https://go.dev/issue/53188", "url": "https://go.dev/issue/53188" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: improper sanitization of Transfer-Encoding header" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "cve": "CVE-2022-3064", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2163037" } ], "notes": [ { "category": "description", "text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3064" }, { "category": "external", "summary": "RHBZ#2163037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3064" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r", "url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5", "url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4", "url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-0956", "url": "https://pkg.go.dev/vuln/GO-2022-0956" } ], "release_date": "2022-08-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-30629", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2022-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092793" } ], "notes": [ { "category": "description", "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: session tickets lack random ticket_age_add", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30629" }, { "category": "external", "summary": "RHBZ#2092793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg" } ], "release_date": "2022-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: session tickets lack random ticket_age_add" }, { "cve": "CVE-2022-30630", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107371" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: io/fs: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30630" }, { "category": "external", "summary": "RHBZ#2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630" }, { "category": "external", "summary": "https://go.dev/issue/53415", "url": "https://go.dev/issue/53415" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: io/fs: stack exhaustion in Glob" }, { "cve": "CVE-2022-30632", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107386" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: path/filepath: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "other", "text": "The exploitation of this flaw will only result in a denial of service via the application crashing which is why this has been rated as moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30632" }, { "category": "external", "summary": "RHBZ#2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632" }, { "category": "external", "summary": "https://go.dev/issue/53416", "url": "https://go.dev/issue/53416" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: path/filepath: stack exhaustion in Glob" }, { "cve": "CVE-2022-30635", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107388" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30635" }, { "category": "external", "summary": "RHBZ#2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635" }, { "category": "external", "summary": "https://go.dev/issue/53615", "url": "https://go.dev/issue/53615" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode" }, { "cve": "CVE-2022-32148", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107383" } ], "notes": [ { "category": "description", "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32148" }, { "category": "external", "summary": "RHBZ#2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148" }, { "category": "external", "summary": "https://go.dev/issue/53423", "url": "https://go.dev/issue/53423" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working" }, { "cve": "CVE-2022-32189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2113814" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32189" }, { "category": "external", "summary": "RHBZ#2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189" }, { "category": "external", "summary": "https://go.dev/issue/53871", "url": "https://go.dev/issue/53871" }, { "category": "external", "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU" } ], "release_date": "2022-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" }, { "cve": "CVE-2022-41717", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161274" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "title": "Vulnerability summary" }, { "category": "other", "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41717" }, { "category": "external", "summary": "RHBZ#2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717" }, { "category": "external", "summary": "https://go.dev/cl/455635", "url": "https://go.dev/cl/455635" }, { "category": "external", "summary": "https://go.dev/cl/455717", "url": "https://go.dev/cl/455717" }, { "category": "external", "summary": "https://go.dev/issue/56350", "url": "https://go.dev/issue/56350" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-1144", "url": "https://pkg.go.dev/vuln/GO-2022-1144" } ], "release_date": "2022-11-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-15T19:58:09+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src", "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests" } ] }
rhsa-2023_0328
Vulnerability from csaf_redhat
Published
2023-01-23 15:26
Modified
2025-01-06 19:22
Summary
Red Hat Security Advisory: go-toolset and golang security and bug fix update
Notes
Topic
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Internal linking fails on ppc64le (BZ#2144547)
* crypto testcases fail on golang on s390x [rhel-9] (BZ#2149311)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.\n\nThe golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Internal linking fails on ppc64le (BZ#2144547)\n\n* crypto testcases fail on golang on s390x [rhel-9] (BZ#2149311)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0328", "url": "https://access.redhat.com/errata/RHSA-2023:0328" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2149311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149311" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0328.json" } ], "title": "Red Hat Security Advisory: go-toolset and golang security and bug fix update", "tracking": { "current_release_date": "2025-01-06T19:22:17+00:00", "generator": { "date": "2025-01-06T19:22:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2023:0328", "initial_release_date": "2023-01-23T15:26:30+00:00", "revision_history": [ { "date": "2023-01-23T15:26:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-23T15:26:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T19:22:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.18.9-1.el9_1.src", "product": { "name": "go-toolset-0:1.18.9-1.el9_1.src", "product_id": "go-toolset-0:1.18.9-1.el9_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=src" } } }, { "category": "product_version", "name": "golang-0:1.18.9-1.el9_1.src", "product": { "name": "golang-0:1.18.9-1.el9_1.src", "product_id": "golang-0:1.18.9-1.el9_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.18.9-1.el9_1.aarch64", "product": { "name": "go-toolset-0:1.18.9-1.el9_1.aarch64", "product_id": "go-toolset-0:1.18.9-1.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=aarch64" } } }, { "category": "product_version", "name": "golang-0:1.18.9-1.el9_1.aarch64", "product": { "name": "golang-0:1.18.9-1.el9_1.aarch64", "product_id": "golang-0:1.18.9-1.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=aarch64" } } }, { "category": "product_version", "name": "golang-bin-0:1.18.9-1.el9_1.aarch64", "product": { "name": "golang-bin-0:1.18.9-1.el9_1.aarch64", "product_id": "golang-bin-0:1.18.9-1.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.18.9-1.el9_1.ppc64le", "product": { "name": "go-toolset-0:1.18.9-1.el9_1.ppc64le", "product_id": "go-toolset-0:1.18.9-1.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-0:1.18.9-1.el9_1.ppc64le", "product": { "name": "golang-0:1.18.9-1.el9_1.ppc64le", "product_id": "golang-0:1.18.9-1.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-bin-0:1.18.9-1.el9_1.ppc64le", "product": { "name": "golang-bin-0:1.18.9-1.el9_1.ppc64le", "product_id": "golang-bin-0:1.18.9-1.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.18.9-1.el9_1.x86_64", "product": { "name": "go-toolset-0:1.18.9-1.el9_1.x86_64", "product_id": "go-toolset-0:1.18.9-1.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=x86_64" } } }, { "category": "product_version", "name": "golang-0:1.18.9-1.el9_1.x86_64", "product": { "name": "golang-0:1.18.9-1.el9_1.x86_64", "product_id": "golang-0:1.18.9-1.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=x86_64" } } }, { "category": "product_version", "name": "golang-bin-0:1.18.9-1.el9_1.x86_64", "product": { "name": "golang-bin-0:1.18.9-1.el9_1.x86_64", "product_id": "golang-bin-0:1.18.9-1.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=x86_64" } } }, { "category": "product_version", "name": "golang-race-0:1.18.9-1.el9_1.x86_64", "product": { "name": "golang-race-0:1.18.9-1.el9_1.x86_64", "product_id": "golang-race-0:1.18.9-1.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-race@1.18.9-1.el9_1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.18.9-1.el9_1.s390x", "product": { "name": "go-toolset-0:1.18.9-1.el9_1.s390x", "product_id": "go-toolset-0:1.18.9-1.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=s390x" } } }, { "category": "product_version", "name": "golang-0:1.18.9-1.el9_1.s390x", "product": { "name": "golang-0:1.18.9-1.el9_1.s390x", "product_id": "golang-0:1.18.9-1.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=s390x" } } }, { "category": "product_version", "name": "golang-bin-0:1.18.9-1.el9_1.s390x", "product": { "name": "golang-bin-0:1.18.9-1.el9_1.s390x", "product_id": "golang-bin-0:1.18.9-1.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "golang-docs-0:1.18.9-1.el9_1.noarch", "product": { "name": "golang-docs-0:1.18.9-1.el9_1.noarch", "product_id": "golang-docs-0:1.18.9-1.el9_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-docs@1.18.9-1.el9_1?arch=noarch" } } }, { "category": "product_version", "name": "golang-misc-0:1.18.9-1.el9_1.noarch", "product": { "name": "golang-misc-0:1.18.9-1.el9_1.noarch", "product_id": "golang-misc-0:1.18.9-1.el9_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-misc@1.18.9-1.el9_1?arch=noarch" } } }, { "category": "product_version", "name": "golang-src-0:1.18.9-1.el9_1.noarch", "product": { "name": "golang-src-0:1.18.9-1.el9_1.noarch", "product_id": "golang-src-0:1.18.9-1.el9_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-src@1.18.9-1.el9_1?arch=noarch" } } }, { "category": "product_version", "name": "golang-tests-0:1.18.9-1.el9_1.noarch", "product": { "name": "golang-tests-0:1.18.9-1.el9_1.noarch", "product_id": "golang-tests-0:1.18.9-1.el9_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-tests@1.18.9-1.el9_1?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.18.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64" }, "product_reference": "go-toolset-0:1.18.9-1.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.18.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le" }, "product_reference": "go-toolset-0:1.18.9-1.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.18.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x" }, "product_reference": "go-toolset-0:1.18.9-1.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.18.9-1.el9_1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src" }, "product_reference": "go-toolset-0:1.18.9-1.el9_1.src", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64" }, "product_reference": "go-toolset-0:1.18.9-1.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.18.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64" }, "product_reference": "golang-0:1.18.9-1.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.18.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le" }, "product_reference": "golang-0:1.18.9-1.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.18.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x" }, "product_reference": "golang-0:1.18.9-1.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.18.9-1.el9_1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src" }, "product_reference": "golang-0:1.18.9-1.el9_1.src", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64" }, "product_reference": "golang-0:1.18.9-1.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.18.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64" }, "product_reference": "golang-bin-0:1.18.9-1.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.18.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le" }, "product_reference": "golang-bin-0:1.18.9-1.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.18.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x" }, "product_reference": "golang-bin-0:1.18.9-1.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64" }, "product_reference": "golang-bin-0:1.18.9-1.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-docs-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch" }, "product_reference": "golang-docs-0:1.18.9-1.el9_1.noarch", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-misc-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch" }, "product_reference": "golang-misc-0:1.18.9-1.el9_1.noarch", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-race-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64" }, "product_reference": "golang-race-0:1.18.9-1.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-src-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch" }, "product_reference": "golang-src-0:1.18.9-1.el9_1.noarch", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "golang-tests-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch" }, "product_reference": "golang-tests-0:1.18.9-1.el9_1.noarch", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-2879", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132867" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/tar: unbounded memory consumption when reading headers", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch" ], "known_not_affected": [ "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2879" }, { "category": "external", "summary": "RHBZ#2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54853", "url": "https://github.com/golang/go/issues/54853" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-23T15:26:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0328" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src", "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: archive/tar: unbounded memory consumption when reading headers" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src", "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary