Advisory Published

RHSA-2023:4335: Important: Security Update for cert-manager Operator for Red Hat OpenShift 1.10.3

First published: Tue Aug 08 2023

The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.

Security Fix(es):

  • golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
  • golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
  • golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
  • golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
  • golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
  • golang: go/parser: Infinite loop in parsing (CVE-2023-24537)
  • golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)
  • golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
  • golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Cert Manager support for Red Hat OpenShift release | | |


Frequently Asked Questions

  • What is the severity of RHSA-2023:4335?

    The severity of RHSA-2023:4335 is high.

  • What is the affected software for RHSA-2023:4335?

    The affected software for RHSA-2023:4335 is Red Hat Cert Manager support for Red Hat OpenShift release.

  • Where can I find more information about RHSA-2023:4335?

    You can find more information about RHSA-2023:4335 on the Red Hat website: [RHSA-2023:4335](https://access.redhat.com/errata/RHSA-2023:4335)

  • How do I fix RHSA-2023:4335?

    To fix RHSA-2023:4335, apply the recommended security update provided by Red Hat.

  • Are there any known bugs related to RHSA-2023:4335?

    Yes, there are known bugs related to RHSA-2023:4335. You can find more information about the bugs on the Red Hat Bugzilla: [Bug 2178358](https://bugzilla.redhat.com/show_bug.cgi?id=2178358) and [Bug 2178488](https://bugzilla.redhat.com/show_bug.cgi?id=2178488)
