drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in RHODF
| Name: |
Mehrere Probleme in RHODF |
|
| ID: |
RHSA-2025:4511 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat RHODF 4.18 for RHEL 9 |
|
| Datum: |
Mi, 7. Mai 2025, 07:15 |
|
| Referenzen: |
https://access.redhat.com/security/cve/CVE-2024-11831
https://bugzilla.redhat.com/show_bug.cgi?id=2354195
https://access.redhat.com/errata/RHSA-2025:4511
https://bugzilla.redhat.com/show_bug.cgi?id=2348366
https://access.redhat.com/security/cve/CVE-2025-27144
https://bugzilla.redhat.com/show_bug.cgi?id=2348367
https://access.redhat.com/security/cve/CVE-2024-21536
https://bugzilla.redhat.com/show_bug.cgi?id=2290901
https://issues.redhat.com/browse/DFBUGS-1798
https://access.redhat.com/security/cve/CVE-2024-29041
https://bugzilla.redhat.com/show_bug.cgi?id=2319884
https://bugzilla.redhat.com/show_bug.cgi?id=2312579
https://access.redhat.com/security/cve/CVE-2025-30204
https://access.redhat.com/security/cve/CVE-2025-22869
https://issues.redhat.com/browse/DFBUGS-269
https://access.redhat.com/security/cve/CVE-2025-22868
https://bugzilla.redhat.com/show_bug.cgi?id=2347423 |
|
| Applikationen: |
RHODF |
|
Originalnachricht |
Updated images are now available for RHODF-4.18-RHEL-9.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenShift Data Foundation is software-defined storage integrated with and
optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift DataFoundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3 compatible API.
Security Fix(es):
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript
(CVE-2024-11831)
* http-proxy-middleware: Denial of Service (CVE-2024-21536)
* go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
(CVE-2025-27144)
* golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing
in golang.org/x/oauth2/jws (CVE-2025-22868)
* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of
golang.org/x/crypto/ssh (CVE-2025-22869)
* golang-jwt/jwt: jwt-go allows excessive memory allocation during header
parsing (CVE-2025-30204)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2024-11831: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2024-21536: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-29041: URL Redirection to Untrusted Site ('Open Redirect')
(CWE-601)
CVE-2025-22868: Improper Validation of Syntactic Correctness of Input
(CWE-1286)
CVE-2025-22869: Allocation of Resources Without Limits or Throttling (CWE-770)
CVE-2025-27144: Allocation of Resources Without Limits or Throttling (CWE-770)
CVE-2025-30204: Asymmetric Resource Consumption (Amplification) (CWE-405)
|
|
|
|
