
Security: Multiple issues in Red Hat OpenShift Data Foundation
Name: Multiple issues in Red Hat OpenShift Data Foundation
ID: RHSA-2025:0082
Distribution: Red Hat
Platforms: Red Hat RHODF 4.16 for RHEL 9
Date: Thu, 9 January 2025, 16:20
References: https://access.redhat.com/security/cve/CVE-2024-48910
https://access.redhat.com/security/cve/CVE-2024-43800
https://bugzilla.redhat.com/show_bug.cgi?id=2322949
https://bugzilla.redhat.com/show_bug.cgi?id=2311152
https://bugzilla.redhat.com/show_bug.cgi?id=2331063
https://access.redhat.com/security/cve/CVE-2023-26136
https://access.redhat.com/security/cve/CVE-2024-21538
https://bugzilla.redhat.com/show_bug.cgi?id=2311154
https://bugzilla.redhat.com/show_bug.cgi?id=2311153
https://bugzilla.redhat.com/show_bug.cgi?id=2219310
https://access.redhat.com/security/cve/CVE-2024-43799
https://access.redhat.com/security/cve/CVE-2024-43796
https://bugzilla.redhat.com/show_bug.cgi?id=2295310
https://access.redhat.com/security/cve/CVE-2024-55565
https://access.redhat.com/errata/RHSA-2025:0082
https://access.redhat.com/security/cve/CVE-2023-26364
https://access.redhat.com/security/cve/CVE-2024-24791
https://bugzilla.redhat.com/show_bug.cgi?id=2324550
https://bugzilla.redhat.com/show_bug.cgi?id=2310908
https://bugzilla.redhat.com/show_bug.cgi?id=2250364
https://access.redhat.com/security/cve/CVE-2024-45296
Applications: Red Hat OpenShift Data Foundation

Original message

Updated images that fix several bugs are now available for Red Hat OpenShift
Data Foundation 4.16.5 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.

Red Hat OpenShift Data Foundation is software-defined storage integrated with
and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data
Foundation is a highly scalable, production-grade persistent storage for stateful
applications running in the Red Hat OpenShift Container Platform. In addition to
persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud
data management service with an S3-compatible API.

Security Fix(es) from Bugzilla:

* dompurify: DOMPurify vulnerable to tampering by prototype pollution
(CVE-2024-48910)

* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

* css-tools: Improper Input Validation causes Denial of Service via Regular
Expression (CVE-2023-26364)

* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)

* express: Improper Input Handling in Express Redirects (CVE-2024-43796)

* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)

* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)

* nanoid: nanoid mishandles non-integer values (CVE-2024-55565)

* cross-spawn: regular expression denial of service (CVE-2024-21538)
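Two of the entries above (tough-cookie, CVE-2023-26136; DOMPurify, CVE-2024-48910) are instances of the same weakness class, prototype pollution (CWE-1321): object keys taken from untrusted input end up writing to Object.prototype, so every object in the process inherits attacker-chosen properties. The following is an added illustration of that class in Node.js; it is constructed example code, not code from the advisory, from Red Hat, or from either library, and the names unsafeMerge, safeMerge, hasForbiddenKey and pollutionReached are this example's own. It shows the vulnerable recursive-merge pattern beside a hardened version that refuses the keys which reach the prototype chain, plus an input gate that can be run on parsed JSON before it is merged into anything.

```javascript
// Constructed illustration of CWE-1321 (prototype pollution). Not library code.

// Vulnerable pattern: a recursive merge that copies every own key of
// attacker-controlled JSON into the target. JSON.parse('{"__proto__": ...}')
// yields an *own* property named "__proto__", which Object.keys() enumerates,
// but reading or assigning target["__proto__"] goes through the accessor and
// lands on Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === undefined) target[key] = {};
      unsafeMerge(target[key], value); // for key "__proto__": target is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys through which a plain-object write can reach a prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened merge: skip the dangerous keys and only recurse into properties the
// target really owns (never into something inherited from its prototype).
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop (or throw); never copy
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (!Object.prototype.hasOwnProperty.call(target, key)) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Input gate: true if any key anywhere in a parsed JSON document is one of the
// forbidden names. Useful as a reject-early check before data reaches a merge,
// a store keyed by untrusted strings, or a sanitizer config.
function hasForbiddenKey(value) {
  if (value === null || typeof value !== 'object') return false;
  if (Array.isArray(value)) return value.some(hasForbiddenKey);
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key) || hasForbiddenKey(value[key])) return true;
  }
  return false;
}

// Demonstration: merge a constructed payload with the given merge function and
// report whether an unrelated, freshly created object inherited the injected
// property. Cleans up afterwards so repeated runs are independent.
function pollutionReached(mergeFn) {
  const payload = JSON.parse('{"__proto__": {"isAdmin": true}}'); // constructed payload
  try {
    mergeFn({}, payload);
    return ({}).isAdmin === true;
  } finally {
    delete Object.prototype.isAdmin;
  }
}

console.log('unsafeMerge pollutes Object.prototype:', pollutionReached(unsafeMerge));
console.log('safeMerge pollutes Object.prototype:  ', pollutionReached(safeMerge));
console.log('gate flags nested constructor.prototype:',
  hasForbiddenKey(JSON.parse('{"a":{"constructor":{"prototype":{"x":1}}}}')));
```

The gate and the hardened merge are complementary: the gate rejects documents up front, the merge stays safe even when data arrives by another path. Where objects are used as lookup tables keyed by untrusted strings (domains, cookie names, config keys), `Object.create(null)` or a `Map` removes the inherited-property problem entirely, because there is no prototype to reach.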

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-26136: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
CVE-2023-26364: Improper Input Validation (CWE-20)
CVE-2024-21538: Inefficient Regular Expression Complexity (CWE-1333)
CVE-2024-24791: Improper Input Validation (CWE-20)
CVE-2024-43796: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
CVE-2024-43799: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
CVE-2024-43800: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
CVE-2024-45296: Inefficient Regular Expression Complexity (CWE-1333)
CVE-2024-48910: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
CVE-2024-55565: Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)