===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.2428                               
            Red Hat Service Interconnect 1.5.3 Release (images)            
                               19 April 2024                               
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Service Interconnect 1.5.3                      
Publisher:         Red Hat                                                 
Operating System:  Red Hat                                                 
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2023-45287 CVE-2023-39326 CVE-2023-39319            
                   CVE-2023-39318 CVE-2023-39322 CVE-2023-39321            

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2024:1901

Comment: CVSS (Max):  7.5 CVE-2023-45287 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
         CVSS Source: Red Hat                                              
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N


--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Service Interconnect 1.5.3
                   Release (images)
Advisory ID:       RHSA-2024:1901
Product:           9Base-Service-Interconnect-1
Advisory URL:      https://access.redhat.com/errata/RHSA-2024:1901
Issue date:        2024-04-18
CVE Names:         CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322
                   CVE-2023-39326 CVE-2023-45287
=====================================================================

1. Summary:

OpenShift container images for the Red Hat Service Interconnect 1.5 release.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

9Base-Service-Interconnect-1 - s390x, ppc64le, arm64, amd64 

3. Description:

Red Hat Service Interconnect 1.5 creates a service network, linking
TCP and HTTP services across the hybrid cloud.
A service network enables communication between services running in different
network locations or sites.
It allows geographically distributed services to connect as if they were all
running in the same site.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2237776 - CVE-2023-39318 - golang: html/template: improper handling of HTML-like
comments within script contexts
2237773 - CVE-2023-39319 - golang: html/template: improper handling of special
tags within script contexts
2237777 - CVE-2023-39321 - golang: crypto/tls: panic when processing
post-handshake message on QUIC connections
2237778 - CVE-2023-39322 - golang: crypto/tls: lack of a limit on buffered
post-handshake
2253330 - CVE-2023-39326 - golang: net/http/internal: Denial of Service (DoS)
via Resource Consumption via HTTP requests
2253193 - CVE-2023-45287 - golang: crypto/tls: Timing Side Channel attack in RSA
based TLS key exchanges.

6. Package List:

9Base-Service-Interconnect-1

7. References:

https://access.redhat.com/security/cve/CVE-2023-39318
https://access.redhat.com/security/cve/CVE-2023-39319
https://access.redhat.com/security/cve/CVE-2023-39321
https://access.redhat.com/security/cve/CVE-2023-39322
https://access.redhat.com/security/cve/CVE-2023-39326
https://access.redhat.com/security/cve/CVE-2023-45287
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_service_interconnect/

--------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================