First published: Mon Mar 06 2023
The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics.

This release builds upon updated compiler, runtime library, and base images for the purpose of resolving any potential security issues present in previous toolset versions.

This version makes use of newer tools and libraries to address the following issues:

- golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
- golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
- golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
- golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
- golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
- golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
- golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
- golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
- golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
- golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
- golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
- golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
- golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
- golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)