Advisory Published

RHSA-2023:6839: Important: OpenShift Container Platform 4.14.2 security update

First published: Wed Nov 15 2023(Updated: )

Red Hat build of MicroShift is Red Hat's light-weight Kubernetes<br>orchestration solution designed for edge device deployments and is built<br>from the edge capabilities of Red Hat OpenShift. MicroShift is an<br>application that is deployed on top of Red Hat Enterprise Linux devices at<br>the edge, providing an efficient way to operate single-node clusters in<br>these low-resource environments.<br>This advisory contains the RPM packages for Red Hat build of MicroShift<br>4.14.2. Read the following advisory for the container images for this<br>release:<br><a href="https://access.redhat.com/errata/RHSA-2023:6837" target="_blank">https://access.redhat.com/errata/RHSA-2023:6837</a> All of the bug fixes may not be documented in this advisory. Read the<br>following release notes documentation for details about these changes:<br><a href="https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.14/html/release_notes/index" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.14/html/release_notes/index</a> Security Fix(es):<br><li> golang: net/http, x/net/http2: rapid stream resets can cause excessive</li> work (CVE-2023-44487) (CVE-2023-39325)<br><li> HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS</li> attack (Rapid Reset Attack) (CVE-2023-44487)<br>For more details about the security issue(s), including the impact, a CVSS<br>score, acknowledgments, and other related information, refer to the CVE<br>page(s)<br>listed in the References section.

Affected SoftwareAffected VersionHow to fix
redhat/microshift<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
redhat/microshift<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
redhat/microshift-greenboot<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
redhat/microshift-networking<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
redhat/microshift-release-info<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
redhat/microshift-selinux<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
redhat/microshift<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9.aa
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9.aa
redhat/microshift-networking<4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9.aa
4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9.aa

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203