CVE-2023-25725 (GCVE-0-2023-25725)
Vulnerability from cvelistv5 – Published: 2023-02-14 00:00 – Updated: 2025-03-20 19:14- n/a
| URL | Tags |
|---|---|
| https://www.haproxy.org/ | |
| https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=co… | |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
| https://www.debian.org/security/2023/dsa-5348 | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:11.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.haproxy.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"name": "[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"name": "DSA-5348",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"name": "FEDORA-2023-7e04833463",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"
},
{
"name": "FEDORA-2023-3e8a21cd5b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T19:12:55.507416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T19:14:03.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.haproxy.org/"
},
{
"url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"name": "[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"name": "DSA-5348",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"name": "FEDORA-2023-7e04833463",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"
},
{
"name": "FEDORA-2023-3e8a21cd5b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25725",
"datePublished": "2023-02-14T00:00:00.000Z",
"dateReserved": "2023-02-13T00:00:00.000Z",
"dateUpdated": "2025-03-20T19:14:03.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-25725",
"date": "2026-05-26",
"epss": "0.17535",
"percentile": "0.95172"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.31\", \"matchCriteriaId\": \"5F291108-797E-4521-9309-9EB636C7D67E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.1.0\", \"versionEndExcluding\": \"2.2.29\", \"matchCriteriaId\": \"7D2C9AFB-4C4F-4641-B5B2-588D486EE0A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndExcluding\": \"2.4.22\", \"matchCriteriaId\": \"6D101B93-F6E0-450C-B72B-477170BE6976\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5.0\", \"versionEndExcluding\": \"2.5.12\", \"matchCriteriaId\": \"68F54E28-B550-4CBF-9856-70A8596F3C98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.6.0\", \"versionEndExcluding\": \"2.6.9\", \"matchCriteriaId\": \"89FA706D-9EC7-4484-A5A4-4CB97B5194AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.7.0\", \"versionEndExcluding\": \"2.7.3\", \"matchCriteriaId\": \"32B5DC1B-FD58-4050-8D84-31A381B89E90\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \\\"request smuggling.\\\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.\"}]",
"id": "CVE-2023-25725",
"lastModified": "2024-11-21T07:50:01.400",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
"published": "2023-02-14T19:15:11.530",
"references": "[{\"url\": \"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5348\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.haproxy.org/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.haproxy.org/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-25725\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-02-14T19:15:11.530\",\"lastModified\":\"2025-03-20T20:15:29.773\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \\\"request smuggling.\\\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\
"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.31\",\"matchCriteriaId\":\"5F291108-797E-4521-9309-9EB636C7D67E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.2.29\",\"matchCriteriaId\":\"7D2C9AFB-4C4F-4641-B5B2-588D486EE0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.4.22\",\"matchCriteriaId\":\"6D101B93-F6E0-450C-B72B-477170BE6976\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.12\",\"matchCriteriaId\":\"68F54E28-B550-4CBF-9856-70A8596F3C98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.9\",\"matchCriteriaId\":\"89FA706D-9EC7-4484-A5A4-4CB97B5194AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.3\",\"matchCriteriaId\":\"32B5DC1B-FD58-4050-8D84-31A381B89E90\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112\",\"so
urce\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5348\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.org/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.haproxy.org/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html\", \"name\": \"[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5348\", \"name\": \"DSA-5348\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/\", \"name\": \"FEDORA-2023-7e04833463\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/\", \"name\": \"FEDORA-2023-3e8a21cd5b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:32:11.848Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-25725\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", 
\"timestamp\": \"2025-03-20T19:12:55.507416Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-20T19:11:43.189Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.haproxy.org/\"}, {\"url\": \"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html\", \"name\": \"[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5348\", \"name\": \"DSA-5348\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/\", \"name\": \"FEDORA-2023-7e04833463\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/\", \"name\": \"FEDORA-2023-3e8a21cd5b\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \\\"request smuggling.\\\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. 
For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-02-25T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-25725\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-20T19:14:03.000Z\", \"dateReserved\": \"2023-02-13T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-02-14T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2023:1696
Vulnerability from osv_almalinux
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.
Security Fix(es):
- haproxy: segfault DoS (CVE-2023-0056)
- haproxy: request smuggling attack in HTTP/1 header parsing (CVE-2023-25725)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "haproxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.17-3.el9_1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.\n\nSecurity Fix(es):\n\n* haproxy: segfault DoS (CVE-2023-0056)\n* haproxy: request smuggling attack in HTTP/1 header parsing (CVE-2023-25725)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:1696",
"modified": "2023-04-20T14:00:39Z",
"published": "2023-04-11T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:1696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0056"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25725"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2160808"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2169089"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-1696.html"
}
],
"related": [
"CVE-2023-0056",
"CVE-2023-25725"
],
"summary": "Moderate: haproxy security update"
}
BDU:2023-00758
Vulnerability from fstec - Published: 14.02.2023
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Willy Terreau, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), - (Red Hat Software Collections), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), - (openSUSE Tumbleweed), 4 (OpenShift Container Platform), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 15 SP3 (SUSE Linux Enterprise High Availability Extension), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 15 SP1 (SUSE Linux Enterprise High Availability Extension), 4.7 (Astra Linux Special Edition), 22.10 (Ubuntu), 5.3 (SUSE Linux Enterprise Micro), 5.3 (openSUSE Leap Micro), 15 SP2 (SUSE Linux Enterprise High Availability Extension), \u043e\u0442 2.0.0 \u0434\u043e 2.0.31 (HAProxy), \u043e\u0442 2.2.0 \u0434\u043e 2.2.29 (HAProxy), \u043e\u0442 2.4.0 \u0434\u043e 2.4.22 (HAProxy), \u043e\u0442 2.5.0 \u0434\u043e 2.5.12 (HAProxy), \u043e\u0442 2.6.0 \u0434\u043e 2.6.9 (HAProxy), \u043e\u0442 2.7.0 \u0434\u043e 2.7.3 (HAProxy), \u043e\u0442 2.8 \u0434\u043e 2.8-dev4 (HAProxy), 15 SP4 (SUSE Linux Enterprise High Availability Extension), 5 (Red Hat Ceph Storage), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439;\n- 
\u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u044b HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043c\u043e\u0436\u043d\u043e \u043f\u0443\u0442\u0435\u043c \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u0430:\nhttp-request deny if { fc_http_major 1 } !{ req.body_size 0 } !{ req.hdr(content-length) -m found } !{ req.hdr(transfer-encoding) -m found } !{ method CONNECT }.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f HAProxy:\nhttps://www.haproxy.org/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-25725\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2023-25725.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-25725\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-5869-1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\n\u0414\u043b\u044f \u0420\u0415\u0414 
\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f haproxy \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.8.19-1+deb10u4\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 haproxy \u0434\u043e 2.2.29-2astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 haproxy \u0434\u043e 2.2.32-5astra14 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 
\u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2400",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.02.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.02.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00758",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-25725",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Debian GNU/Linux, Red Hat Software Collections, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), openSUSE Tumbleweed, OpenShift Container Platform, SUSE Linux Enterprise High Availability Extension, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), SUSE Linux Enterprise Micro, openSUSE Leap Micro, HAProxy, Red Hat Ceph Storage, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041b\u042c\u0422 \u0421\u041f 10",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Novell Inc. openSUSE Tumbleweed - , Canonical Ltd. 
Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 22.10 , Novell Inc. 
openSUSE Leap Micro 5.3 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f HAProxy, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u00ab\u043a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u00bb",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0027\u041a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u0027) (CWE-444)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f HAProxy \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u00ab\u043a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u00bb",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2023-25725\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25725\nhttps://www.haproxy.org/\nhttps://security-tracker.debian.org/tracker/CVE-2023-25725\nhttps://www.debian.org/security/2023/dsa-5348\nhttps://lists.debian.org/debian-lts-announce/2023/02/msg00012.html\nhttps://ubuntu.com/security/notices/USN-5869-1\nhttps://www.suse.com/security/cve/CVE-2023-25725.html\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://redos.red-soft.ru/support/secure/\n\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2400",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-444",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-haproxy-2023-25725
Vulnerability from bitnami_vulndb
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "haproxy",
"purl": "pkg:bitnami/haproxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.31"
},
{
"introduced": "2.1.0"
},
{
"fixed": "2.2.29"
},
{
"introduced": "2.3.0"
},
{
"fixed": "2.4.22"
},
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.12"
},
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.9"
},
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.3"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-25725"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.",
"id": "BIT-haproxy-2023-25725",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T10:53:39.092Z",
"references": [
{
"type": "WEB",
"url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"type": "WEB",
"url": "https://www.haproxy.org/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725"
}
],
"schema_version": "1.5.0"
}
FKIE_CVE-2023-25725
Vulnerability from fkie_nvd - Published: 2023-02-14 19:15 - Updated: 2025-03-20 20:15
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112 | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/ | ||
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5348 | Third Party Advisory | |
| cve@mitre.org | https://www.haproxy.org/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5348 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.haproxy.org/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F291108-797E-4521-9309-9EB636C7D67E",
"versionEndExcluding": "2.0.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D2C9AFB-4C4F-4641-B5B2-588D486EE0A9",
"versionEndExcluding": "2.2.29",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D101B93-F6E0-450C-B72B-477170BE6976",
"versionEndExcluding": "2.4.22",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68F54E28-B550-4CBF-9856-70A8596F3C98",
"versionEndExcluding": "2.5.12",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89FA706D-9EC7-4484-A5A4-4CB97B5194AB",
"versionEndExcluding": "2.6.9",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32B5DC1B-FD58-4050-8D84-31A381B89E90",
"versionEndExcluding": "2.7.3",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31."
}
],
"id": "CVE-2023-25725",
"lastModified": "2025-03-20T20:15:29.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-14T19:15:11.530",
"references": [
{
"source": "cve@mitre.org",
"url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.haproxy.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.haproxy.org/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-H2P2-W857-329F
Vulnerability from github – Published: 2023-02-14 21:30 – Updated: 2025-03-20 21:31
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
{
"affected": [],
"aliases": [
"CVE-2023-25725"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-14T19:15:00Z",
"severity": "CRITICAL"
},
"details": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.",
"id": "GHSA-h2p2-w857-329f",
"modified": "2025-03-20T21:31:37Z",
"published": "2023-02-14T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725"
},
{
"type": "WEB",
"url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"type": "WEB",
"url": "https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"type": "WEB",
"url": "https://www.haproxy.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-25725
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2023-25725",
"id": "GSD-2023-25725",
"references": [
"https://www.debian.org/security/2023/dsa-5348",
"https://www.suse.com/security/cve/CVE-2023-25725.html",
"https://ubuntu.com/security/CVE-2023-25725"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-25725"
],
"details": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.",
"id": "GSD-2023-25725",
"modified": "2023-12-13T01:20:40.029143Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-25725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.haproxy.org/",
"refsource": "MISC",
"url": "https://www.haproxy.org/"
},
{
"name": "https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112",
"refsource": "CONFIRM",
"url": "https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"name": "[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"name": "DSA-5348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"name": "FEDORA-2023-7e04833463",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"
},
{
"name": "FEDORA-2023-3e8a21cd5b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.3",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.9",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.12",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.22",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.29",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-25725"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.haproxy.org/",
"refsource": "MISC",
"tags": [
"Product"
],
"url": "https://www.haproxy.org/"
},
{
"name": "https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112"
},
{
"name": "[debian-lts-announce] 20230214 [SECURITY] [DLA 3318-1] haproxy security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"
},
{
"name": "DSA-5348",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5348"
},
{
"name": "FEDORA-2023-3e8a21cd5b",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"
},
{
"name": "FEDORA-2023-7e04833463",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-02-25T06:15Z",
"publishedDate": "2023-02-14T19:15Z"
}
}
}
MSRC_CVE-2023-25725
Vulnerability from csaf_microsoft - Published: 2023-02-01 00:00 - Updated: 2023-06-28 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17966-16820 | — | ||
| Unresolved product id: 17967-17086 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3 the impact is limited because the headers disappear before being parsed and processed as if they had not been sent by the client. The fixed versions are 2.7.3 2.6.9 2.5.12 2.4.22 2.2.29 and 2.0.31. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-25725.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3 the impact is limited because the headers disappear before being parsed and processed as if they had not been sent by the client. The fixed versions are 2.7.3 2.6.9 2.5.12 2.4.22 2.2.29 and 2.0.31.",
"tracking": {
"current_release_date": "2023-06-28T00:00:00.000Z",
"generator": {
"date": "2025-10-20T00:15:36.620Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-25725",
"initial_release_date": "2023-02-01T00:00:00.000Z",
"revision_history": [
{
"date": "2023-02-20T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2023-06-28T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 haproxy 2.1.5-2",
"product": {
"name": "\u003ccm1 haproxy 2.1.5-2",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 haproxy 2.1.5-2",
"product": {
"name": "cm1 haproxy 2.1.5-2",
"product_id": "17966"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 haproxy 2.4.22-1",
"product": {
"name": "\u003ccbl2 haproxy 2.4.22-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 haproxy 2.4.22-1",
"product": {
"name": "cbl2 haproxy 2.4.22-1",
"product_id": "17967"
}
}
],
"category": "product_name",
"name": "haproxy"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 haproxy 2.1.5-2 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 haproxy 2.1.5-2 as a component of CBL Mariner 1.0",
"product_id": "17966-16820"
},
"product_reference": "17966",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 haproxy 2.4.22-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 haproxy 2.4.22-1 as a component of CBL Mariner 2.0",
"product_id": "17967-17086"
},
"product_reference": "17967",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-25725",
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17966-16820",
"17967-17086"
],
"known_affected": [
"16820-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3 the impact is limited because the headers disappear before being parsed and processed as if they had not been sent by the client. The fixed versions are 2.7.3 2.6.9 2.5.12 2.4.22 2.2.29 and 2.0.31. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-25725.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-20T00:00:00.000Z",
"details": "2.1.5-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-02-20T00:00:00.000Z",
"details": "2.4.22-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-2",
"17086-1"
]
}
],
"title": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3 the impact is limited because the headers disappear before being parsed and processed as if they had not been sent by the client. The fixed versions are 2.7.3 2.6.9 2.5.12 2.4.22 2.2.29 and 2.0.31."
}
]
}
OPENSUSE-SU-2024:12686-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "haproxy-2.7.3+git0.1065b1000-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the haproxy-2.7.3+git0.1065b1000-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12686",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12686-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25725/"
}
],
"title": "haproxy-2.7.3+git0.1065b1000-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12686-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "haproxy-2.7.3+git0.1065b1000-1.1.aarch64",
"product": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.aarch64",
"product_id": "haproxy-2.7.3+git0.1065b1000-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "haproxy-2.7.3+git0.1065b1000-1.1.ppc64le",
"product": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.ppc64le",
"product_id": "haproxy-2.7.3+git0.1065b1000-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "haproxy-2.7.3+git0.1065b1000-1.1.s390x",
"product": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.s390x",
"product_id": "haproxy-2.7.3+git0.1065b1000-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "haproxy-2.7.3+git0.1065b1000-1.1.x86_64",
"product": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.x86_64",
"product_id": "haproxy-2.7.3+git0.1065b1000-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.aarch64"
},
"product_reference": "haproxy-2.7.3+git0.1065b1000-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.ppc64le"
},
"product_reference": "haproxy-2.7.3+git0.1065b1000-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.s390x"
},
"product_reference": "haproxy-2.7.3+git0.1065b1000-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-2.7.3+git0.1065b1000-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.x86_64"
},
"product_reference": "haproxy-2.7.3+git0.1065b1000-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-25725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25725"
}
],
"notes": [
{
"category": "general",
"text": "HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.aarch64",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.ppc64le",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.s390x",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25725",
"url": "https://www.suse.com/security/cve/CVE-2023-25725"
},
{
"category": "external",
"summary": "SUSE Bug 1208132 for CVE-2023-25725",
"url": "https://bugzilla.suse.com/1208132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.aarch64",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.ppc64le",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.s390x",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.aarch64",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.ppc64le",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.s390x",
"openSUSE Tumbleweed:haproxy-2.7.3+git0.1065b1000-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25725"
}
]
}
RHBA-2023:1649
Vulnerability from csaf_redhat - Published: 2023-04-12 04:51 - Updated: 2026-04-30 16:19

A flaw was found in golang. The language package for the Go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to crash applications that use this package to parse untrusted input data, leading to a denial of service of the affected component.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in HAProxy's header processing that causes HAProxy to drop important header fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypass filtering and detection by HAProxy.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64 | — |
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHBA-2023:1649 | self |
| https://issues.redhat.com/browse/OCPBUGS-11407 | external |
| https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_1649.json | self |
| https://access.redhat.com/security/cve/CVE-2021-38561 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2100495 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-38561 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-38561 | external |
| https://pkg.go.dev/vuln/GO-2021-0113 | external |
| https://access.redhat.com/security/cve/CVE-2023-25725 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2169089 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-25725 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-25725 | external |
| https://www.haproxy.com/blog/february-2023-header… | external |
| https://www.mail-archive.com/haproxy@formilux.org… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.11.35 is now available with\nupdates to packages and images that fix several bugs.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.11.35. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2023:1650\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2023:1649",
"url": "https://access.redhat.com/errata/RHBA-2023:1649"
},
{
"category": "external",
"summary": "OCPBUGS-11407",
"url": "https://issues.redhat.com/browse/OCPBUGS-11407"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_1649.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 4.11.35 packages and security update",
"tracking": {
"current_release_date": "2026-04-30T16:19:48+00:00",
"generator": {
"date": "2026-04-30T16:19:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHBA-2023:1649",
"initial_release_date": "2023-04-12T04:51:26+00:00",
"revision_history": [
{
"date": "2023-04-12T04:51:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-12T04:51:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:19:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"product": {
"name": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"product_id": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy@2.2.24-3.rhaos4.11.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"product": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"product_id": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.51.1.rt7.208.el8_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"product_id": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-internal@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-internal@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-selftests-internal@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-0:2.2.24-3.rhaos4.11.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src"
},
"product_reference": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src"
},
"product_reference": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for the Go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is parsed. This flaw allows an attacker to crash applications that use this package to parse untrusted input data, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw can be triggered only when untrusted user input is passed to the vulnerable golang library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn version 2.5 of Red Hat Advanced Cluster Management for Kubernetes (RHACM), the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T04:51:26+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:1649"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2023-25725",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HAProxy\u0027s headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypass filtering and detection by HAProxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: request smuggling attack in HTTP/1 header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform doesn\u0027t ship any haproxy code of its own and instead the openstack-haproxy-container consumes the `haproxy` RPM provided by RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25725"
},
{
"category": "external",
"summary": "RHBZ#2169089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25725",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725"
},
{
"category": "external",
"summary": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/",
"url": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html"
}
],
"release_date": "2023-02-14T16:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T04:51:26+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:1649"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "haproxy: request smuggling attack in HTTP/1 header parsing"
}
]
}
RHBA-2023_1649
Vulnerability from csaf_redhat - Published: 2023-04-12 04:51 - Updated: 2024-12-17 21:47

A flaw was found in golang. The language package for the Go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is parsed. This flaw allows an attacker to crash applications that use this package to parse untrusted input data, leading to a denial of service of the affected component.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in HAProxy's header processing that causes HAProxy to drop important header fields, such as Connection, Content-Length, Transfer-Encoding, and Host, after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypass filtering and detection by HAProxy.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64 | — |
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHBA-2023:1649 | self |
| https://issues.redhat.com/browse/OCPBUGS-11407 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2021-38561 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2100495 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-38561 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-38561 | external |
| https://pkg.go.dev/vuln/GO-2021-0113 | external |
| https://access.redhat.com/security/cve/CVE-2023-25725 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2169089 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-25725 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-25725 | external |
| https://www.haproxy.com/blog/february-2023-header… | external |
| https://www.mail-archive.com/haproxy@formilux.org… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.11.35 is now available with\nupdates to packages and images that fix several bugs.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.11.35. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2023:1650\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2023:1649",
"url": "https://access.redhat.com/errata/RHBA-2023:1649"
},
{
"category": "external",
"summary": "OCPBUGS-11407",
"url": "https://issues.redhat.com/browse/OCPBUGS-11407"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_1649.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 4.11.35 packages and security update",
"tracking": {
"current_release_date": "2024-12-17T21:47:36+00:00",
"generator": {
"date": "2024-12-17T21:47:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHBA-2023:1649",
"initial_release_date": "2023-04-12T04:51:26+00:00",
"revision_history": [
{
"date": "2023-04-12T04:51:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-12T04:51:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:47:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"product": {
"name": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"product_id": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy@2.2.24-3.rhaos4.11.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"product": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"product_id": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.51.1.rt7.208.el8_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"product_id": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-internal@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-internal@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-selftests-internal@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-372.51.1.rt7.208.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_id": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_id": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-2.rhaos4.11.gitb007cb6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"product": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_id": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22@2.2.24-3.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"product": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_id": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.24-3.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"product": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_id": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.24-3.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64"
},
"product_reference": "cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-0:2.2.24-3.rhaos4.11.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src"
},
"product_reference": "haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64"
},
"product_reference": "haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64"
},
"product_reference": "haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64"
},
"product_reference": "haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src"
},
"product_reference": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64"
},
"product_reference": "kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for the Go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is parsed. This flaw allows an attacker to crash applications that use this package to parse untrusted input data, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only when the vulnerable golang library accepts untrusted user input. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn version 2.5 of Red Hat Advanced Cluster Management for Kubernetes (RHACM), the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T04:51:26+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:1649"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2023-25725",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HAProxy\u0027s header processing that causes HAProxy to drop important header fields such as Connection, Content-Length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypass filtering and detection by HAProxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "haproxy: request smuggling attack in HTTP/1 header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform doesn\u0027t ship any haproxy code of its own and instead the openstack-haproxy-container consumes the `haproxy` RPM provided by RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25725"
},
{
"category": "external",
"summary": "RHBZ#2169089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25725",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725"
},
{
"category": "external",
"summary": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/",
"url": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html"
}
],
"release_date": "2023-02-14T16:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T04:51:26+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:1649"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-2.rhaos4.11.gitb007cb6.el8.x86_64",
"8Base-RHOSE-4.11:haproxy-0:2.2.24-3.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy-debugsource-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:haproxy22-debuginfo-0:2.2.24-3.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.src",
"8Base-RHOSE-4.11:kernel-rt-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-core-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debug-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-devel-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-kvm-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-extra-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-modules-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:kernel-rt-selftests-internal-0:4.18.0-372.51.1.rt7.208.el8_6.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202304042055.p0.g8f6c8a6.assembly.stream.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "haproxy: request smuggling attack in HTTP/1 header parsing"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.