===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2024.2428
Red Hat Service Interconnect 1.5.3 Release (images)
19 April 2024

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Red Hat Service Interconnect 1.5.3
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-45287 CVE-2023-39326 CVE-2023-39319
                   CVE-2023-39318 CVE-2023-39322 CVE-2023-39321

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2024:1901

Comment: CVSS (Max):  7.5 CVE-2023-45287 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Service Interconnect 1.5.3 Release (images)
Advisory ID:       RHSA-2024:1901
Product:           9Base-Service-Interconnect-1
Advisory URL:      https://access.redhat.com/errata/RHSA-2024:1901
Issue date:        2024-04-18
CVE Names:         CVE-2023-39318 CVE-2023-39319 CVE-2023-39321
                   CVE-2023-39322 CVE-2023-39326 CVE-2023-45287
=====================================================================

1. Summary:

OpenShift container images for the Red Hat Service Interconnect 1.5 release.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

9Base-Service-Interconnect-1 - s390x, ppc64le, arm64, amd64

3. Description:

Red Hat Service Interconnect 1.5 creates a service network, linking TCP and
HTTP services across the hybrid cloud.

A service network enables communication between services running in
different network locations or sites. It allows geographically distributed
services to connect as if they were all running in the same site.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2237776 - CVE-2023-39318 - golang: html/template: improper handling of HTML-like comments within script contexts
2237773 - CVE-2023-39319 - golang: html/template: improper handling of special tags within script contexts
2237777 - CVE-2023-39321 - golang: crypto/tls: panic when processing post-handshake message on QUIC connections
2237778 - CVE-2023-39322 - golang: crypto/tls: lack of a limit on buffered post-handshake
2253330 - CVE-2023-39326 - golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
2253193 - CVE-2023-45287 - golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

6.
Package List:

9Base-Service-Interconnect-1

7. References:

https://access.redhat.com/security/cve/CVE-2023-39318
https://access.redhat.com/security/cve/CVE-2023-39319
https://access.redhat.com/security/cve/CVE-2023-39321
https://access.redhat.com/security/cve/CVE-2023-39322
https://access.redhat.com/security/cve/CVE-2023-39326
https://access.redhat.com/security/cve/CVE-2023-45287
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_service_interconnect/

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your
organisation, so if you do not wish to continue receiving these bulletins
you should contact your local IT manager. If you do not know who that is,
please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting on
information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================