Vulnerability Database
Blog
FAQ
Docs
RHSA-2023:1325
See a problem?
Please try reporting it
to the source
first.
Source
https://access.redhat.com/errata/RHSA-2023:1325
Import Source
https://security.access.redhat.com/data/osv/RHSA-2023:1325.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2023:1325
Related
CVE-2022-27191
CVE-2022-2990
CVE-2022-3259
CVE-2022-41717
CVE-2022-41722
CVE-2022-41723
CVE-2022-41724
CVE-2022-41725
CVE-2023-0056
CVE-2023-0229
CVE-2023-0778
CVE-2023-25577
CVE-2023-25725
GO-2022-1144
GO-2023-1569
GO-2023-1570
GO-2023-1571
Published
2024-10-02T00:13:13Z
Modified
2024-10-29T20:34:27Z
Severity
8.2 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
CVSS Calculator
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Details
References
https://access.redhat.com/errata/RHSA-2023:1325
https://access.redhat.com/security/updates/classification/#important
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
https://bugzilla.redhat.com/show_bug.cgi?id=2103220
https://bugzilla.redhat.com/show_bug.cgi?id=2121453
https://bugzilla.redhat.com/show_bug.cgi?id=2160349
https://bugzilla.redhat.com/show_bug.cgi?id=2160808
https://bugzilla.redhat.com/show_bug.cgi?id=2161274
https://bugzilla.redhat.com/show_bug.cgi?id=2168256
https://bugzilla.redhat.com/show_bug.cgi?id=2169089
https://bugzilla.redhat.com/show_bug.cgi?id=2170242
https://bugzilla.redhat.com/show_bug.cgi?id=2178358
https://bugzilla.redhat.com/show_bug.cgi?id=2178488
https://bugzilla.redhat.com/show_bug.cgi?id=2178492
https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1325.json
https://access.redhat.com/security/cve/CVE-2022-2990
https://www.cve.org/CVERecord?id=CVE-2022-2990
https://nvd.nist.gov/vuln/detail/CVE-2022-2990
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
https://access.redhat.com/security/cve/CVE-2022-3259
https://www.cve.org/CVERecord?id=CVE-2022-3259
https://nvd.nist.gov/vuln/detail/CVE-2022-3259
https://access.redhat.com/security/cve/CVE-2022-27191
https://bugzilla.redhat.com/show_bug.cgi?id=2064702
https://www.cve.org/CVERecord?id=CVE-2022-27191
https://nvd.nist.gov/vuln/detail/CVE-2022-27191
https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
https://access.redhat.com/security/cve/CVE-2022-41717
https://www.cve.org/CVERecord?id=CVE-2022-41717
https://nvd.nist.gov/vuln/detail/CVE-2022-41717
https://go.dev/cl/455635
https://go.dev/cl/455717
https://go.dev/issue/56350
https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
https://pkg.go.dev/vuln/GO-2022-1144
https://access.redhat.com/security/cve/CVE-2022-41722
https://bugzilla.redhat.com/show_bug.cgi?id=2203008
https://www.cve.org/CVERecord?id=CVE-2022-41722
https://nvd.nist.gov/vuln/detail/CVE-2022-41722
https://access.redhat.com/security/cve/CVE-2022-41723
https://www.cve.org/CVERecord?id=CVE-2022-41723
https://nvd.nist.gov/vuln/detail/CVE-2022-41723
https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
https://go.dev/cl/468135
https://go.dev/cl/468295
https://go.dev/issue/57855
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://pkg.go.dev/vuln/GO-2023-1571
https://vuln.go.dev/ID/GO-2023-1571.json
https://access.redhat.com/security/cve/CVE-2022-41724
https://www.cve.org/CVERecord?id=CVE-2022-41724
https://nvd.nist.gov/vuln/detail/CVE-2022-41724
https://go.dev/cl/468125
https://go.dev/issue/58001
https://pkg.go.dev/vuln/GO-2023-1570
https://access.redhat.com/security/cve/CVE-2022-41725
https://www.cve.org/CVERecord?id=CVE-2022-41725
https://nvd.nist.gov/vuln/detail/CVE-2022-41725
https://go.dev/cl/468124
https://go.dev/issue/58006
https://pkg.go.dev/vuln/GO-2023-1569
https://access.redhat.com/security/cve/CVE-2023-0056
https://www.cve.org/CVERecord?id=CVE-2023-0056
https://nvd.nist.gov/vuln/detail/CVE-2023-0056
https://github.com/haproxy/haproxy/issues/1972
https://access.redhat.com/security/cve/CVE-2023-0229
https://www.cve.org/CVERecord?id=CVE-2023-0229
https://nvd.nist.gov/vuln/detail/CVE-2023-0229
https://github.com/advisories/GHSA-5465-xc2j-6p84
https://access.redhat.com/security/cve/CVE-2023-0778
https://www.cve.org/CVERecord?id=CVE-2023-0778
https://nvd.nist.gov/vuln/detail/CVE-2023-0778
https://github.com/advisories/GHSA-qwqv-rqgf-8qh8
https://access.redhat.com/security/cve/CVE-2023-25577
https://www.cve.org/CVERecord?id=CVE-2023-25577
https://nvd.nist.gov/vuln/detail/CVE-2023-25577
https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
https://github.com/pallets/werkzeug/releases/tag/2.2.3
https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
https://access.redhat.com/security/cve/CVE-2023-25725
https://www.cve.org/CVERecord?id=CVE-2023-25725
https://nvd.nist.gov/vuln/detail/CVE-2023-25725
https://www.haproxy.com/blog/february-2023-header-parser-fixed/
https://www.mail-archive.com/haproxy@formilux.org/msg43229.html
Affected packages
Red Hat:openshift:4.13::el9
/
buildah
Package
Name
buildah
Purl
pkg:rpm/redhat/buildah
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.29.1-1.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
buildah-debuginfo
Package
Name
buildah-debuginfo
Purl
pkg:rpm/redhat/buildah-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.29.1-1.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
buildah-debugsource
Package
Name
buildah-debugsource
Purl
pkg:rpm/redhat/buildah-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.29.1-1.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
buildah-tests
Package
Name
buildah-tests
Purl
pkg:rpm/redhat/buildah-tests
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.29.1-1.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
buildah-tests-debuginfo
Package
Name
buildah-tests-debuginfo
Purl
pkg:rpm/redhat/buildah-tests-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.29.1-1.rhaos4.13.el9
Red Hat:openshift:4.13::el8
/
openshift
Package
Name
openshift
Purl
pkg:rpm/redhat/openshift
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202304211155.p0.gb404935.assembly.stream.el8
Red Hat:openshift:4.13::el8
/
openshift-hyperkube
Package
Name
openshift-hyperkube
Purl
pkg:rpm/redhat/openshift-hyperkube
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202304211155.p0.gb404935.assembly.stream.el8
Red Hat:openshift:4.13::el9
/
openshift
Package
Name
openshift
Purl
pkg:rpm/redhat/openshift
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202304211155.p0.gb404935.assembly.stream.el9
Red Hat:openshift:4.13::el9
/
openshift-hyperkube
Package
Name
openshift-hyperkube
Purl
pkg:rpm/redhat/openshift-hyperkube
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202304211155.p0.gb404935.assembly.stream.el9
Red Hat:openshift:4.13::el8
/
openshift-clients
Package
Name
openshift-clients
Purl
pkg:rpm/redhat/openshift-clients
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el8
Red Hat:openshift:4.13::el8
/
openshift-clients-redistributable
Package
Name
openshift-clients-redistributable
Purl
pkg:rpm/redhat/openshift-clients-redistributable
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el8
Red Hat:openshift:4.13::el9
/
openshift-clients
Package
Name
openshift-clients
Purl
pkg:rpm/redhat/openshift-clients
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el9
Red Hat:openshift:4.13::el9
/
openshift-clients-redistributable
Package
Name
openshift-clients-redistributable
Purl
pkg:rpm/redhat/openshift-clients-redistributable
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el9
Red Hat:openshift:4.13::el9
/
cri-o
Package
Name
cri-o
Purl
pkg:rpm/redhat/cri-o
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.26.3-3.rhaos4.13.git641290e.el9
Red Hat:openshift:4.13::el9
/
cri-o-debuginfo
Package
Name
cri-o-debuginfo
Purl
pkg:rpm/redhat/cri-o-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.26.3-3.rhaos4.13.git641290e.el9
Red Hat:openshift:4.13::el9
/
cri-o-debugsource
Package
Name
cri-o-debugsource
Purl
pkg:rpm/redhat/cri-o-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.26.3-3.rhaos4.13.git641290e.el9
Red Hat:openshift:4.13::el9
/
skopeo
Package
Name
skopeo
Purl
pkg:rpm/redhat/skopeo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2:1.10.0-1.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
skopeo-debuginfo
Package
Name
skopeo-debuginfo
Purl
pkg:rpm/redhat/skopeo-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2:1.10.0-1.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
skopeo-debugsource
Package
Name
skopeo-debugsource
Purl
pkg:rpm/redhat/skopeo-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2:1.10.0-1.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
skopeo-tests
Package
Name
skopeo-tests
Purl
pkg:rpm/redhat/skopeo-tests
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2:1.10.0-1.rhaos4.13.el9
Red Hat:openshift:4.13::el8
/
haproxy
Package
Name
haproxy
Purl
pkg:rpm/redhat/haproxy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.2.24-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
haproxy-debugsource
Package
Name
haproxy-debugsource
Purl
pkg:rpm/redhat/haproxy-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.2.24-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
haproxy22
Package
Name
haproxy22
Purl
pkg:rpm/redhat/haproxy22
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.2.24-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
haproxy22-debuginfo
Package
Name
haproxy22-debuginfo
Purl
pkg:rpm/redhat/haproxy22-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.2.24-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman
Package
Name
podman
Purl
pkg:rpm/redhat/podman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-catatonit
Package
Name
podman-catatonit
Purl
pkg:rpm/redhat/podman-catatonit
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-catatonit-debuginfo
Package
Name
podman-catatonit-debuginfo
Purl
pkg:rpm/redhat/podman-catatonit-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-debuginfo
Package
Name
podman-debuginfo
Purl
pkg:rpm/redhat/podman-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-debugsource
Package
Name
podman-debugsource
Purl
pkg:rpm/redhat/podman-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-docker
Package
Name
podman-docker
Purl
pkg:rpm/redhat/podman-docker
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-gvproxy
Package
Name
podman-gvproxy
Purl
pkg:rpm/redhat/podman-gvproxy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-gvproxy-debuginfo
Package
Name
podman-gvproxy-debuginfo
Purl
pkg:rpm/redhat/podman-gvproxy-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-plugins
Package
Name
podman-plugins
Purl
pkg:rpm/redhat/podman-plugins
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-plugins-debuginfo
Package
Name
podman-plugins-debuginfo
Purl
pkg:rpm/redhat/podman-plugins-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-remote
Package
Name
podman-remote
Purl
pkg:rpm/redhat/podman-remote
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-remote-debuginfo
Package
Name
podman-remote-debuginfo
Purl
pkg:rpm/redhat/podman-remote-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el8
/
podman-tests
Package
Name
podman-tests
Purl
pkg:rpm/redhat/podman-tests
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el8
Red Hat:openshift:4.13::el9
/
podman
Package
Name
podman
Purl
pkg:rpm/redhat/podman
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-debuginfo
Package
Name
podman-debuginfo
Purl
pkg:rpm/redhat/podman-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-debugsource
Package
Name
podman-debugsource
Purl
pkg:rpm/redhat/podman-debugsource
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-docker
Package
Name
podman-docker
Purl
pkg:rpm/redhat/podman-docker
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-gvproxy
Package
Name
podman-gvproxy
Purl
pkg:rpm/redhat/podman-gvproxy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-gvproxy-debuginfo
Package
Name
podman-gvproxy-debuginfo
Purl
pkg:rpm/redhat/podman-gvproxy-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-plugins
Package
Name
podman-plugins
Purl
pkg:rpm/redhat/podman-plugins
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-plugins-debuginfo
Package
Name
podman-plugins-debuginfo
Purl
pkg:rpm/redhat/podman-plugins-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-remote
Package
Name
podman-remote
Purl
pkg:rpm/redhat/podman-remote
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-remote-debuginfo
Package
Name
podman-remote-debuginfo
Purl
pkg:rpm/redhat/podman-remote-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el9
/
podman-tests
Package
Name
podman-tests
Purl
pkg:rpm/redhat/podman-tests
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3:4.4.1-3.rhaos4.13.el9
Red Hat:openshift:4.13::el8
/
python-werkzeug
Package
Name
python-werkzeug
Purl
pkg:rpm/redhat/python-werkzeug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0.1-3.el8ost
Red Hat:openshift:4.13::el8
/
python3-werkzeug
Package
Name
python3-werkzeug
Purl
pkg:rpm/redhat/python3-werkzeug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0.1-3.el8ost
Red Hat:openshift_ironic:4.13::el9
/
python-werkzeug
Package
Name
python-werkzeug
Purl
pkg:rpm/redhat/python-werkzeug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.3-4.el9
Red Hat:openshift_ironic:4.13::el9
/
python3-werkzeug
Package
Name
python3-werkzeug
Purl
pkg:rpm/redhat/python3-werkzeug
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.3-4.el9
RHSA-2023:1325 - OSV