access.redhat.com
Open in
urlscan Pro
2a02:26f0:3100::210:6ecb
Public Scan
URL:
https://access.redhat.com/errata/RHSA-2024:4057
Submission: On July 16 via api from BE — Scanned from DE
Submission: On July 16 via api from BE — Scanned from DE
Form analysis
1 forms found in the DOMName: topSearchForm — GET /search/browse/search/
<form class="ng-pristine ng-valid topSearchForm" id="topSearchForm" name="topSearchForm" action="/search/browse/search/" method="get" enctype="application/x-www-form-urlencoded">
<cp-search-autocomplete class="push-bottom PFElement" path="/webassets/avalon/j/data.json" num-items="5" placeholder="Enter your search term" pfelement="" type="container"></cp-search-autocomplete>
<div> Or <a href="/support/cases/#/troubleshoot">troubleshoot an issue</a>. </div>
</form>
Text Content
Note: Our personalized web services require that your browser be enabled for JavaScript and cookies Skip to navigation Skip to main content UTILITIES * Subscriptions * Downloads * Red Hat Console * Get Support * Subscriptions * Downloads * Red Hat Console * Get Support * Products TOP PRODUCTS * Red Hat Enterprise Linux * Red Hat OpenShift * Red Hat Ansible Automation Platform All Products DOWNLOADS AND CONTAINERS * Downloads * Packages * Containers TOP RESOURCES * Documentation * Product Life Cycles * Product Compliance * Errata * Knowledge RED HAT KNOWLEDGE CENTER * Knowledgebase Solutions * Knowledgebase Articles * Customer Portal Labs * Errata TOP PRODUCT DOCS * Red Hat Enterprise Linux * Red Hat OpenShift * Red Hat Ansible Automation Platform All Product Docs TRAINING AND CERTIFICATION * About * Course Index * Certification Index * Skill Assessment * Security RED HAT PRODUCT SECURITY CENTER * Security Updates * Security Advisories * Red Hat CVE Database * Errata REFERENCES * Security Bulletins * Security Classifications * Severety Ratings * Security Data TOP RESOURCES * Security Labs * Backporting Policies * Security Blog * Support RED HAT SUPPORT * Support Cases * Troubleshoot * Get Support * Contact Red Hat Support RED HAT COMMUNITY SUPPORT * Customer Portal Community * Community Discussions * Customer Portal Announcements * Red Hat Accelerator Program TOP RESOURCES * Product Life Cycles * Customer Portal Labs * Red Hat JBoss Supported Configurations * Red Hat Insights Or troubleshoot an issue. English SELECT YOUR LANGUAGE * English * Français * 한국어 * 日本語 * 中文 (中国) Infrastructure and Management * Red Hat Enterprise Linux * Red Hat Satellite * Red Hat Subscription Management * Red Hat Insights * Red Hat Ansible Automation Platform Cloud Computing * Red Hat OpenShift * Red Hat OpenStack Platform * Red Hat OpenShift * Red Hat OpenShift AI * Red Hat OpenShift Dedicated * Red Hat Advanced Cluster Security for Kubernetes * Red Hat Advanced Cluster Management for Kubernetes * Red Hat Quay * Red Hat OpenShift Dev Spaces * Red Hat OpenShift Service on AWS Storage * Red Hat Gluster Storage * Red Hat Hyperconverged Infrastructure * Red Hat Ceph Storage * Red Hat OpenShift Data Foundation Runtimes * Red Hat Runtimes * Red Hat JBoss Enterprise Application Platform * Red Hat Data Grid * Red Hat JBoss Web Server * Red Hat build of Keycloak * Red Hat support for Spring Boot * Red Hat build of Node.js * Red Hat build of Quarkus Integration and Automation * Red Hat Application Foundations * Red Hat Fuse * Red Hat AMQ * Red Hat 3scale API Management All Products All Red Hat QUICK LINKS: REDHAT.COM, CUSTOMER PORTAL, RED HAT'S DEVELOPER SITE, RED HAT'S PARTNER SITE. * You are here RED HAT Learn about our open source products, services, and company. * You are here RED HAT CUSTOMER PORTAL Get product support and knowledge from the open source experts. * You are here RED HAT DEVELOPER Read developer tutorials and download Red Hat software for cloud application development. * You are here RED HAT PARTNER CONNECT Get training, subscriptions, certifications, and more for partners to build, sell, and support customer solutions. PRODUCTS & TOOLS * ANSIBLE.COM Learn about and try our IT automation product. * RED HAT ECOSYSTEM CATALOG Find hardware, software, and cloud providers―and download container images―certified to perform with Red Hat technologies. TRY, BUY, & SELL * RED HAT HYBRID CLOUD CONSOLE Access technical how-tos, tutorials, and learning paths focused on Red Hat’s hybrid cloud managed services. * RED HAT STORE Buy select Red Hat products and services online. * RED HAT MARKETPLACE Try, buy, sell, and manage certified enterprise software for container-based environments. EVENTS * RED HAT SUMMIT AND ANSIBLEFEST Register for and learn about our annual open source IT industry event. Red Hat Product Errata RHSA-2024:4057 - Security Advisory Issued: 2024-06-24 Updated: 2024-06-24 RHSA-2024:4057 - SECURITY ADVISORY * Overview * Updated Images SYNOPSIS Important: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements TYPE/SEVERITY Security Advisory: Important TOPIC Release of OpenShift Serverless Logic 1.33.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. DESCRIPTION This release includes security, bug fixes, and enhancements. Security Fix(es): * keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249) * keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717) * pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597) * camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371) * commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710) * commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308) * jose4j: denial of service via specially crafted JWE (CVE-2023-51775) For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section. SOLUTION See the Red Hat OpenShift serverless 1.33 documentation at: https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33 AFFECTED PRODUCTS * Red Hat Openshift Serverless 1 x86_64 * Red Hat OpenShift Serverless for IBM Power, little endian 1 ppc64le * Red Hat Openshift Serverless for ARM 1 aarch64 FIXES * BZ - 2253952 - CVE-2023-6717 keycloak: XSS via assertion consumer service URL in SAML POST-binding flow * BZ - 2262918 - CVE-2024-1249 keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS * BZ - 2264988 - CVE-2024-25710 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file * BZ - 2264989 - CVE-2024-26308 commons-compress: OutOfMemoryError unpacking broken Pack200 file * BZ - 2266024 - CVE-2024-22371 camel-core: Exposure of sensitive data by crafting a malicious EventFactory * BZ - 2266523 - CVE-2024-1597 pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE * BZ - 2266921 - CVE-2023-51775 jose4j: denial of service via specially crafted JWE CVES * CVE-2023-6717 * CVE-2023-51775 * CVE-2024-1249 * CVE-2024-1597 * CVE-2024-22371 * CVE-2024-25710 * CVE-2024-26308 REFERENCES * https://access.redhat.com/security/updates/classification/#important * https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33 AARCH64 openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267 openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979 openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5 openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9 openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca PPC64LE openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346 openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57 openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775 openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586 openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0 X86_64 openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4 openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19 openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3 openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9 openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40 openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4 openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496 The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/. X (formerly Twitter) QUICK LINKS * Downloads * Subscriptions * Support Cases * Customer Service * Product Documentation HELP * Contact Us * Customer Portal FAQ * Log-in Assistance SITE INFO * Trust Red Hat * Browser Support Policy * Accessibility * Awards and Recognition * Colophon RELATED SITES * redhat.com * developers.redhat.com * connect.redhat.com * cloud.redhat.com SYSTEMS STATUS * All systems operational ABOUT * Red Hat Subscription Value * About Red Hat * Red Hat Jobs RED HAT LEGAL AND PRIVACY LINKS * About Red Hat * Jobs * Events * Locations * Contact Red Hat * Red Hat Blog * Diversity, equity, and inclusion * Cool Stuff Store * Red Hat Summit © 2024 Red Hat, Inc. RED HAT LEGAL AND PRIVACY LINKS * Privacy statement * Terms of use * All policies and guidelines * Digital accessibility * Cookie-präferenzen