rhsa-2024_4119
Vulnerability from csaf_redhat
Published
2024-06-26 09:22
Modified
2024-11-22 22:16
Summary
Red Hat Security Advisory: Updated rhceph-5.3 container image and security update

Notes

Topic
Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

The rhceph-5.3 image is based on Red Hat Ceph Storage 5.3 and Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9.

Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of the rhceph-5.3 image are advised to pull this updated image from the Red Hat Ecosystem Catalog.

Security Fix(es):
* golang: cmd/cgo: Arbitrary code execution triggered by linker flags (CVE-2023-29405)
* golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
* golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThe rhceph-5.3 image is based on Red Hat Ceph Storage 5.3 and Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes: \n \nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index \n\nAll users of the rhceph-5.3 image are advised to pull this updated image from the Red Hat Ecosystem Catalog.\n\nSecurity Fix(es):\n* golang: cmd/cgo: Arbitrary code execution triggered by linker flags (CVE-2023-29405)\n* golang: cmd/go: go command may execute arbitrary code at build time when using cgo  (CVE-2023-29404)\n* golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:4119",
        "url": "https://access.redhat.com/errata/RHSA-2024:4119"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2023-29405",
        "url": "https://access.redhat.com/security/cve/CVE-2023-29405"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2023-29404",
        "url": "https://access.redhat.com/security/cve/CVE-2023-29404"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2023-29402",
        "url": "https://access.redhat.com/security/cve/CVE-2023-29402"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2023-24540",
        "url": "https://access.redhat.com/security/cve/CVE-2023-24540"
      },
      {
        "category": "external",
        "summary": "2196027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
      },
      {
        "category": "external",
        "summary": "2217562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217562"
      },
      {
        "category": "external",
        "summary": "2217565",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217565"
      },
      {
        "category": "external",
        "summary": "2217569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217569"
      },
      {
        "category": "external",
        "summary": "2273325",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273325"
      },
      {
        "category": "external",
        "summary": "2293103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293103"
      },
      {
        "category": "external",
        "summary": "2293104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293104"
      },
      {
        "category": "external",
        "summary": "2293105",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293105"
      },
      {
        "category": "external",
        "summary": "2293106",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293106"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4119.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated rhceph-5.3 container image and security update",
    "tracking": {
      "current_release_date": "2024-11-22T22:16:11+00:00",
      "generator": {
        "date": "2024-11-22T22:16:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:4119",
      "initial_release_date": "2024-06-26T09:22:32+00:00",
      "revision_history": [
        {
          "date": "2024-06-26T09:22:32+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-26T09:22:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T22:16:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ceph Storage 5.3 Tools",
                "product": {
                  "name": "Red Hat Ceph Storage 5.3 Tools",
                  "product_id": "8Base-RHCEPH-5.3-Tools",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ceph Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
                "product": {
                  "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
                  "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
                "product": {
                  "name": "rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
                  "product_id": "rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-42"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
                "product": {
                  "name": "rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
                  "product_id": "rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
                  "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-35"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
                  "product_id": "rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-69"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
                  "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
                "product": {
                  "name": "rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
                  "product_id": "rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-42"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
                  "product_id": "rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
                  "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-35"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
                  "product_id": "rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-69"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
                "product": {
                  "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
                  "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
                "product": {
                  "name": "rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
                  "product_id": "rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-42"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
                "product": {
                  "name": "rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
                  "product_id": "rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
                  "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-35"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64",
                  "product_id": "rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-69"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x"
        },
        "product_reference": "rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64 as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64"
        },
        "product_reference": "rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le"
        },
        "product_reference": "rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x"
        },
        "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64 as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64"
        },
        "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le"
        },
        "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x"
        },
        "product_reference": "rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le"
        },
        "product_reference": "rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64 as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64"
        },
        "product_reference": "rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64 as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le"
        },
        "product_reference": "rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x"
        },
        "product_reference": "rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64 as a component of Red Hat Ceph Storage 5.3 Tools",
          "product_id": "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
        },
        "product_reference": "rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.3-Tools"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Juho Nurminen"
          ],
          "organization": "Mattermost"
        }
      ],
      "cve": "CVE-2023-24540",
      "cwe": {
        "id": "CWE-176",
        "name": "Improper Handling of Unicode Encoding"
      },
      "discovery_date": "2023-05-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196027"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: improper handling of JavaScript whitespace",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux:\n* Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code, so conmon is not affected.\n* The Go templates in Grafana do not contain any JavaScript, so Grafana is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only; therefore, the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196027",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/59721",
          "url": "https://go.dev/issue/59721"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        }
      ],
      "release_date": "2023-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T09:22:32+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4119"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: html/template: improper handling of JavaScript whitespace"
    },
    {
      "cve": "CVE-2023-29402",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2023-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2217562"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: go command may generate unexpected code at build time when using cgo",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is only applicable to customer use of the go compiler and not any pre-compiled golang binaries shipped by Red Hat.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-29402"
        },
        {
          "category": "external",
          "summary": "RHBZ#2217562",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217562"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29402",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29402"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/501226",
          "url": "https://go.dev/cl/501226"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/60167",
          "url": "https://go.dev/issue/60167"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
          "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-1839",
          "url": "https://pkg.go.dev/vuln/GO-2023-1839"
        }
      ],
      "release_date": "2023-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T09:22:32+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4119"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: cmd/go: go command may generate unexpected code at build time when using cgo"
    },
    {
      "cve": "CVE-2023-29404",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2023-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2217565"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: go command may execute arbitrary code at build time when using cgo",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is only applicable to customer use of the GC \u0026 GCCGO compiler and not any pre-compiled golang binaries shipped by Red Hat.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-29404"
        },
        {
          "category": "external",
          "summary": "RHBZ#2217565",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217565"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29404",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29404"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/501225",
          "url": "https://go.dev/cl/501225"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/60305",
          "url": "https://go.dev/issue/60305"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
          "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-1841",
          "url": "https://pkg.go.dev/vuln/GO-2023-1841"
        }
      ],
      "release_date": "2023-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T09:22:32+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4119"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: cmd/go: go command may execute arbitrary code at build time when using cgo"
    },
    {
      "cve": "CVE-2023-29405",
      "cwe": {
        "id": "CWE-74",
        "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
      },
      "discovery_date": "2023-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2217569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/cgo: Arbitrary code execution triggered by linker flags",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is only applicable to customer use of the GCCGO compiler and not any pre-compiled golang binaries shipped by Red Hat.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
          "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
          "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-29405"
        },
        {
          "category": "external",
          "summary": "RHBZ#2217569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29405",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29405",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29405"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/501224",
          "url": "https://go.dev/cl/501224"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/60306",
          "url": "https://go.dev/issue/60306"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
          "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-1842",
          "url": "https://pkg.go.dev/vuln/GO-2023-1842"
        }
      ],
      "release_date": "2023-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T09:22:32+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4119"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:74771c06933519c95c043bafae50579949f7665a08bae94067242cbe122f0b2a_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:9320d6cd86c4854c303c1ff8bd5e7ea9402d57bb99305d3fa71777f3626074a6_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/keepalived-rhel8@sha256:d7a7306a478ede068442d2e550afb25997d07e7789ee2f42d0de28ad658725cc_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:03783e8b39467222b6bd555e446571f969ba1107b61566e13fa4b9fef3a97430_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9e85ebc6bd674665b674e3779bd70db825d8bae0ef73f063d49db1a7f923cdc5_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:cb8fc50eb4bb7609338a48bdca64daf4bb779a88a4a77c40f90a5d3ed7449c3d_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:008a14ab26285daa57be78f805fa6c306afc1e32c272e6793872d885f4c279e6_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:3c192d212d04f82ed2837eaa17d0273a5520a83d37992b75e0895b5b5de47f83_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-5-rhel8@sha256:b12193ed871c1a7a755d257d3a962116cb6b4d8acfc93898faef56c389189c05_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:087a07054c1126010e512d626ac177f4618f605e487e9a9c7d2e260f574bc9ad_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:ba0192053b43c5fc28b6273f25f3c4834ad37e4775d60662ea1279a1060b19f7_amd64",
            "8Base-RHCEPH-5.3-Tools:rhceph/rhceph-haproxy-rhel8@sha256:eb29356658ad65b020dfcaaee169fef501afbcb0cf4612c143fc5ec38829c578_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:1b5654619c4c25949563b561ba0b3a156b43c1d62a5ffa71524cdd0993add2e6_ppc64le",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:d6a2c4fb376a48844ef8b8c0b1a05593eabce7c49c57fbc88a0c96ec172ff6fe_s390x",
            "8Base-RHCEPH-5.3-Tools:rhceph/snmp-notifier-rhel8@sha256:f4715ac64a43f3a654914f567c36e7179a3413b1c455be2e0dbe3d9bba89db70_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: cmd/cgo: Arbitrary code execution triggered by linker flags"
    }
  ]
}

