access.redhat.com Open in urlscan Pro
2a02:26f0:3100::210:6ecb  Public Scan

URL: https://access.redhat.com/errata/RHSA-2024:4057
Submission: On July 16 via api from BE — Scanned from DE

Form analysis 1 forms found in the DOM

Name: topSearchFormGET /search/browse/search/

<form class="ng-pristine ng-valid topSearchForm" id="topSearchForm" name="topSearchForm" action="/search/browse/search/" method="get" enctype="application/x-www-form-urlencoded">
  <cp-search-autocomplete class="push-bottom PFElement" path="/webassets/avalon/j/data.json" num-items="5" placeholder="Enter your search term" pfelement="" type="container"></cp-search-autocomplete>
  <div> Or <a href="/support/cases/#/troubleshoot">troubleshoot an issue</a>. </div>
</form>

Text Content

Note: Our personalized web services require that your browser be enabled for
JavaScript and cookies
Skip to navigation Skip to main content


UTILITIES

 * Subscriptions
 * Downloads
 * Red Hat Console
 * Get Support


 * Subscriptions
 * Downloads
 * Red Hat Console
 * Get Support
 * Products
   
   
   TOP PRODUCTS
   
    * Red Hat Enterprise Linux
    * Red Hat OpenShift
    * Red Hat Ansible Automation Platform
   
   All Products
   
   
   DOWNLOADS AND CONTAINERS
   
    * Downloads
    * Packages
    * Containers
   
   
   TOP RESOURCES
   
    * Documentation
    * Product Life Cycles
    * Product Compliance
    * Errata

 * Knowledge
   
   
   RED HAT KNOWLEDGE CENTER
   
    * Knowledgebase Solutions
    * Knowledgebase Articles
    * Customer Portal Labs
    * Errata
   
   
   TOP PRODUCT DOCS
   
    * Red Hat Enterprise Linux
    * Red Hat OpenShift
    * Red Hat Ansible Automation Platform
   
   All Product Docs
   
   
   TRAINING AND CERTIFICATION
   
    * About
    * Course Index
    * Certification Index
    * Skill Assessment

 * Security
   
   
   RED HAT PRODUCT SECURITY CENTER
   
    * Security Updates
    * Security Advisories
    * Red Hat CVE Database
    * Errata
   
   
   REFERENCES
   
    * Security Bulletins
    * Security Classifications
    * Severety Ratings
    * Security Data
   
   
   TOP RESOURCES
   
    * Security Labs
    * Backporting Policies
    * Security Blog

 * Support
   
   
   RED HAT SUPPORT
   
    * Support Cases
    * Troubleshoot
    * Get Support
    * Contact Red Hat Support
   
   
   RED HAT COMMUNITY SUPPORT
   
    * Customer Portal Community
    * Community Discussions
    * Customer Portal Announcements
    * Red Hat Accelerator Program
      
   
   
   TOP RESOURCES
   
    * Product Life Cycles
    * Customer Portal Labs
    * Red Hat JBoss Supported Configurations
    * Red Hat Insights

Or troubleshoot an issue.
English


SELECT YOUR LANGUAGE

 * English
 * Français
 * 한국어
 * 日本語
 * 中文 (中国)

Infrastructure and Management
 * Red Hat Enterprise Linux
 * Red Hat Satellite
 * Red Hat Subscription Management
 * Red Hat Insights
 * Red Hat Ansible Automation Platform

Cloud Computing
 * Red Hat OpenShift
 * Red Hat OpenStack Platform
 * Red Hat OpenShift
 * Red Hat OpenShift AI
 * Red Hat OpenShift Dedicated
 * Red Hat Advanced Cluster Security for Kubernetes
 * Red Hat Advanced Cluster Management for Kubernetes
 * Red Hat Quay
 * Red Hat OpenShift Dev Spaces
 * Red Hat OpenShift Service on AWS

Storage
 * Red Hat Gluster Storage
 * Red Hat Hyperconverged Infrastructure
 * Red Hat Ceph Storage
 * Red Hat OpenShift Data Foundation

Runtimes
 * Red Hat Runtimes
 * Red Hat JBoss Enterprise Application Platform
 * Red Hat Data Grid
 * Red Hat JBoss Web Server
 * Red Hat build of Keycloak
 * Red Hat support for Spring Boot
 * Red Hat build of Node.js
 * Red Hat build of Quarkus

Integration and Automation
 * Red Hat Application Foundations
 * Red Hat Fuse
 * Red Hat AMQ
 * Red Hat 3scale API Management

All Products
All Red Hat


QUICK LINKS: REDHAT.COM, CUSTOMER PORTAL, RED HAT'S DEVELOPER SITE, RED HAT'S
PARTNER SITE.

 * You are here
   
   
   
   
   RED HAT
   
   Learn about our open source products, services, and company.

 * You are here
   
   
   
   
   RED HAT CUSTOMER PORTAL
   
   Get product support and knowledge from the open source experts.

 * You are here
   
   
   
   
   RED HAT DEVELOPER
   
   Read developer tutorials and download Red Hat software for cloud application
   development.

 * You are here
   
   
   
   
   RED HAT PARTNER CONNECT
   
   Get training, subscriptions, certifications, and more for partners to build,
   sell, and support customer solutions.


PRODUCTS & TOOLS


 * ANSIBLE.COM
   
   Learn about and try our IT automation product.


 * RED HAT ECOSYSTEM CATALOG
   
   Find hardware, software, and cloud providers―and download container
   images―certified to perform with Red Hat technologies.


TRY, BUY, & SELL


 * RED HAT HYBRID CLOUD CONSOLE
   
   Access technical how-tos, tutorials, and learning paths focused on Red Hat’s
   hybrid cloud managed services.


 * RED HAT STORE
   
   Buy select Red Hat products and services online.


 * RED HAT MARKETPLACE
   
   Try, buy, sell, and manage certified enterprise software for container-based
   environments.


EVENTS


 * RED HAT SUMMIT AND ANSIBLEFEST
   
   Register for and learn about our annual open source IT industry event.



Red Hat Product Errata RHSA-2024:4057 - Security Advisory
Issued: 2024-06-24 Updated: 2024-06-24


RHSA-2024:4057 - SECURITY ADVISORY

 * Overview
 * Updated Images


SYNOPSIS

Important: Release of OpenShift Serverless Logic 1.33.0 security update &
enhancements


TYPE/SEVERITY

Security Advisory: Important


TOPIC

Release of OpenShift Serverless Logic 1.33.0


Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.


DESCRIPTION

This release includes security, bug fixes, and enhancements.


Security Fix(es):


 * keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in
   checkLoginIframe leads to DDoS (CVE-2024-1249)
 * keycloak: XSS via assertion consumer service URL in SAML POST-binding flow
   (CVE-2023-6717)
 * pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using
   PreferQueryMode=SIMPLE (CVE-2024-1597)
 * camel-core: Exposure of sensitive data by crafting a malicious EventFactory
   (CVE-2024-22371)
 * commons-compress: Denial of service caused by an infinite loop for a
   corrupted DUMP file (CVE-2024-25710)
 * commons-compress: OutOfMemoryError unpacking broken Pack200 file
   (CVE-2024-26308)
 * jose4j: denial of service via specially crafted JWE (CVE-2023-51775)

For more details about the security issues, including the impact, a CVSS score,
acknowledgements, and other related information, refer to the CVE pages listed
in the References section.


SOLUTION

See the Red Hat OpenShift serverless 1.33 documentation at:
https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33


AFFECTED PRODUCTS

 * Red Hat Openshift Serverless 1 x86_64
 * Red Hat OpenShift Serverless for IBM Power, little endian 1 ppc64le
 * Red Hat Openshift Serverless for ARM 1 aarch64


FIXES

 * BZ - 2253952 - CVE-2023-6717 keycloak: XSS via assertion consumer service URL
   in SAML POST-binding flow
 * BZ - 2262918 - CVE-2024-1249 keycloak: org.keycloak.protocol.oidc:
   unvalidated cross-origin messages in checkLoginIframe leads to DDoS
 * BZ - 2264988 - CVE-2024-25710 commons-compress: Denial of service caused by
   an infinite loop for a corrupted DUMP file
 * BZ - 2264989 - CVE-2024-26308 commons-compress: OutOfMemoryError unpacking
   broken Pack200 file
 * BZ - 2266024 - CVE-2024-22371 camel-core: Exposure of sensitive data by
   crafting a malicious EventFactory
 * BZ - 2266523 - CVE-2024-1597 pgjdbc: PostgreSQL JDBC Driver allows attacker
   to inject SQL if using PreferQueryMode=SIMPLE
 * BZ - 2266921 - CVE-2023-51775 jose4j: denial of service via specially crafted
   JWE


CVES

 * CVE-2023-6717
 * CVE-2023-51775
 * CVE-2024-1249
 * CVE-2024-1597
 * CVE-2024-22371
 * CVE-2024-25710
 * CVE-2024-26308


REFERENCES

 * https://access.redhat.com/security/updates/classification/#important
 * https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33


AARCH64

openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267
openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979
openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5
openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f
openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9
openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa
openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca


PPC64LE

openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de
openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346
openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57
openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775
openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca
openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586
openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0


X86_64

openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4
openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3
openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9
openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c
openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40
openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4
openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496

The Red Hat security contact is secalert@redhat.com. More contact details at
https://access.redhat.com/security/team/contact/.


X (formerly Twitter)


QUICK LINKS

 * Downloads
 * Subscriptions
 * Support Cases
 * Customer Service
 * Product Documentation


HELP

 * Contact Us
 * Customer Portal FAQ
 * Log-in Assistance


SITE INFO

 * Trust Red Hat
 * Browser Support Policy
 * Accessibility
 * Awards and Recognition
 * Colophon


RELATED SITES

 * redhat.com
 * developers.redhat.com
 * connect.redhat.com
 * cloud.redhat.com


SYSTEMS STATUS

 * All systems operational


ABOUT

 * Red Hat Subscription Value
 * About Red Hat
 * Red Hat Jobs




RED HAT LEGAL AND PRIVACY LINKS

 * About Red Hat
 * Jobs
 * Events
 * Locations
 * Contact Red Hat
 * Red Hat Blog
 * Diversity, equity, and inclusion
 * Cool Stuff Store
 * Red Hat Summit

© 2024 Red Hat, Inc.


RED HAT LEGAL AND PRIVACY LINKS

 * Privacy statement
 * Terms of use
 * All policies and guidelines
 * Digital accessibility
   
   
 * Cookie-präferenzen