RHSA-2023:4003: Moderate: Red Hat Service Interconnect 1.4 Release security update
First published: Mon Jul 10 2023(Updated: )
As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site.<br>Security Fix(es):<br><li> golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)</li> <li> golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)</li> <li> golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)</li> <li> golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)</li> <li> net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)</li> <li> golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)</li> <li> golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)</li> <li> golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)</li> <li> golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)</li> <li> golang: go/parser: Infinite loop in parsing (CVE-2023-24537)</li> <li> golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)</li> <li> golang: html/template: improper sanitization of CSS values (CVE-2023-24539)</li> <li> golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Red Hat Application Interconnect | ||
| redhat/jsoncpp | <1.9.4-3.el9 | 1.9.4-3.el9 |
| redhat/libwebsockets | <4.3.1-1.el9a | 4.3.1-1.el9a |
| redhat/qpid-proton | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/skupper-cli | <1.4.1-2.el9 | 1.4.1-2.el9 |
| redhat/skupper-router | <2.4.1-2.el9 | 2.4.1-2.el9 |
| redhat/jsoncpp | <1.9.4-3.el9 | 1.9.4-3.el9 |
| redhat/jsoncpp-debuginfo | <1.9.4-3.el9 | 1.9.4-3.el9 |
| redhat/jsoncpp-debugsource | <1.9.4-3.el9 | 1.9.4-3.el9 |
| redhat/jsoncpp-devel | <1.9.4-3.el9 | 1.9.4-3.el9 |
| redhat/libwebsockets-debuginfo | <4.3.1-1.el9a | 4.3.1-1.el9a |
| redhat/libwebsockets-debugsource | <4.3.1-1.el9a | 4.3.1-1.el9a |
| redhat/libwebsockets-devel | <4.3.1-1.el9a | 4.3.1-1.el9a |
| redhat/python3-qpid-proton | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/python3-qpid-proton-debuginfo | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-c | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-c-debuginfo | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-c-devel | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-cpp | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-cpp-debuginfo | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-cpp-devel | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-debuginfo | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/qpid-proton-debugsource | <0.37.0-2.el9a | 0.37.0-2.el9a |
| redhat/skupper-cli | <1.4.1-2.el9 | 1.4.1-2.el9 |
| redhat/skupper-router | <2.4.1-2.el9 | 2.4.1-2.el9 |
| redhat/skupper-router-common | <2.4.1-2.el9 | 2.4.1-2.el9 |
| redhat/skupper-router-debuginfo | <2.4.1-2.el9 | 2.4.1-2.el9 |
| redhat/skupper-router-debugsource | <2.4.1-2.el9 | 2.4.1-2.el9 |
| redhat/skupper-router-docs | <2.4.1-2.el9 | 2.4.1-2.el9 |
| redhat/skupper-router-tools | <2.4.1-2.el9 | 2.4.1-2.el9 |
| redhat/libwebsockets | <4.3.1-1.el8a | 4.3.1-1.el8a |
| redhat/qpid-proton | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/skupper-cli | <1.4.1-2.el8 | 1.4.1-2.el8 |
| redhat/skupper-router | <2.4.1-2.el8 | 2.4.1-2.el8 |
| redhat/libwebsockets-debuginfo | <4.3.1-1.el8a | 4.3.1-1.el8a |
| redhat/libwebsockets-debugsource | <4.3.1-1.el8a | 4.3.1-1.el8a |
| redhat/libwebsockets-devel | <4.3.1-1.el8a | 4.3.1-1.el8a |
| redhat/python3-qpid-proton | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/python3-qpid-proton-debuginfo | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/qpid-proton-c | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/qpid-proton-c-debuginfo | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/qpid-proton-c-devel | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/qpid-proton-cpp-debuginfo | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/qpid-proton-debuginfo | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/qpid-proton-debugsource | <0.37.0-2.el8a | 0.37.0-2.el8a |
| redhat/skupper-cli | <1.4.1-2.el8 | 1.4.1-2.el8 |
| redhat/skupper-router | <2.4.1-2.el8 | 2.4.1-2.el8 |
| redhat/skupper-router-common | <2.4.1-2.el8 | 2.4.1-2.el8 |
| redhat/skupper-router-debuginfo | <2.4.1-2.el8 | 2.4.1-2.el8 |
| redhat/skupper-router-debugsource | <2.4.1-2.el8 | 2.4.1-2.el8 |
| redhat/skupper-router-docs | <2.4.1-2.el8 | 2.4.1-2.el8 |
| redhat/skupper-router-tools | <2.4.1-2.el8 | 2.4.1-2.el8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2023:4003 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2077689
- https://bugzilla.redhat.com/show_bug.cgi?id=2132867
- https://bugzilla.redhat.com/show_bug.cgi?id=2132868
- https://bugzilla.redhat.com/show_bug.cgi?id=2132872
- https://bugzilla.redhat.com/show_bug.cgi?id=2178358
- https://bugzilla.redhat.com/show_bug.cgi?id=2178488
- https://bugzilla.redhat.com/show_bug.cgi?id=2178492
- https://bugzilla.redhat.com/show_bug.cgi?id=2184481
- https://bugzilla.redhat.com/show_bug.cgi?id=2184482
- https://bugzilla.redhat.com/show_bug.cgi?id=2184483
- https://bugzilla.redhat.com/show_bug.cgi?id=2184484
- https://bugzilla.redhat.com/show_bug.cgi?id=2196026
- https://bugzilla.redhat.com/show_bug.cgi?id=2196029
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_service_interconnect
Frequently Asked Questions
What is the severity of RHSA-2023:4003?
The severity of RHSA-2023:4003 is not explicitly mentioned in the advisory, but it typically addresses important security vulnerabilities.
How do I fix RHSA-2023:4003?
To fix RHSA-2023:4003, update the affected Red Hat Application Interconnect packages to the recommended versions specified in the advisory.
Which packages are affected by RHSA-2023:4003?
Affected packages in RHSA-2023:4003 include jsoncpp, libwebsockets, qpid-proton, skupper-cli, and skupper-router, among others.
Is there a workaround for RHSA-2023:4003?
There are generally no workarounds provided for RHSA-2023:4003; the recommended action is to apply the updates.
Does RHSA-2023:4003 affect all Kubernetes clusters?
RHSA-2023:4003 specifically affects users of Red Hat Application Interconnect within Kubernetes environments.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata-latest
- anchor-id/RHSA-2023:4003
- collector/redhat-errata
- source/Red Hat
- agent/software-canonical-lookup
- vendor/red hat
- canonical/red hat red hat application interconnect
- package-manager/redhat