Bug 2212085 (CVE-2023-3089, woodpecker) - CVE-2023-3089 openshift: OCP & FIPS mode
Summary: CVE-2023-3089 openshift: OCP & FIPS mode
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-3089, woodpecker
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
: 2211636 (view as bug list)
Depends On: 2224244 2224246 2224268 2224269 2226771 2226772 2226773
Blocks: 2211655 2212086
TreeView+ depends on / blocked
 
Reported: 2023-06-03 18:14 UTC by Nick Tait
Modified: 2024-02-27 08:14 UTC (History)
36 users (show)

Fixed In Version: openshift-4.12.0
Doc Type: If docs needed, set a value
Doc Text:
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Clone Of:
Environment:
Last Closed: 2023-07-14 21:55:17 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:4490 0 None None None 2023-08-07 01:07:45 UTC
Red Hat Product Errata RHSA-2023:3910 0 None None None 2023-07-06 02:57:47 UTC
Red Hat Product Errata RHSA-2023:3911 0 None None None 2023-07-06 02:32:59 UTC
Red Hat Product Errata RHSA-2023:3914 0 None None None 2023-07-06 02:44:39 UTC
Red Hat Product Errata RHSA-2023:3915 0 None None None 2023-07-06 02:22:46 UTC
Red Hat Product Errata RHSA-2023:3924 0 None None None 2023-07-06 14:10:22 UTC
Red Hat Product Errata RHSA-2023:3925 0 None None None 2023-07-06 14:02:24 UTC
Red Hat Product Errata RHSA-2023:4093 0 None None None 2023-07-20 17:29:07 UTC
Red Hat Product Errata RHSA-2023:4112 0 None None None 2023-07-17 16:29:46 UTC
Red Hat Product Errata RHSA-2023:4113 0 None None None 2023-07-17 16:29:52 UTC
Red Hat Product Errata RHSA-2023:4114 0 None None None 2023-07-17 16:30:01 UTC
Red Hat Product Errata RHSA-2023:4204 0 None None None 2023-07-18 23:11:28 UTC
Red Hat Product Errata RHSA-2023:4238 0 None None None 2023-07-20 16:12:46 UTC
Red Hat Product Errata RHSA-2023:4241 0 None None None 2023-07-20 16:16:34 UTC
Red Hat Product Errata RHSA-2023:4276 0 None None None 2023-07-25 18:31:35 UTC
Red Hat Product Errata RHSA-2023:4286 0 None None None 2023-07-26 17:12:12 UTC
Red Hat Product Errata RHSA-2023:4287 0 None None None 2023-07-26 16:57:58 UTC
Red Hat Product Errata RHSA-2023:4290 0 None None None 2023-07-27 00:59:33 UTC
Red Hat Product Errata RHSA-2023:4421 0 None None None 2023-08-01 14:51:34 UTC
Red Hat Product Errata RHSA-2023:4437 0 None None None 2023-08-02 16:07:44 UTC
Red Hat Product Errata RHSA-2023:4456 0 None None None 2023-08-08 11:17:40 UTC
Red Hat Product Errata RHSA-2023:4471 0 None None None 2023-08-03 14:55:37 UTC
Red Hat Product Errata RHSA-2023:4472 0 None None None 2023-08-03 15:51:32 UTC
Red Hat Product Errata RHSA-2023:4475 0 None None None 2023-08-03 18:44:12 UTC
Red Hat Product Errata RHSA-2023:4575 0 None None None 2023-08-08 17:44:40 UTC
Red Hat Product Errata RHSA-2023:4576 0 None None None 2023-08-08 18:00:47 UTC
Red Hat Product Errata RHSA-2023:4650 0 None None None 2023-08-14 19:53:16 UTC
Red Hat Product Errata RHSA-2023:4654 0 None None None 2023-08-15 15:13:56 UTC
Red Hat Product Errata RHSA-2023:4664 0 None None None 2023-08-16 14:09:50 UTC
Red Hat Product Errata RHSA-2023:4862 0 None None None 2023-08-29 16:10:19 UTC
Red Hat Product Errata RHSA-2023:4875 0 None None None 2023-08-30 14:18:50 UTC
Red Hat Product Errata RHSA-2023:4972 0 None None None 2023-09-05 13:04:51 UTC
Red Hat Product Errata RHSA-2023:4980 0 None None None 2023-09-05 15:51:30 UTC
Red Hat Product Errata RHSA-2023:5006 0 None None None 2023-10-31 12:54:47 UTC
Red Hat Product Errata RHSA-2023:5009 0 None None None 2023-10-31 14:02:05 UTC
Red Hat Product Errata RHSA-2023:5103 0 None None None 2023-09-12 13:06:20 UTC

Comment 3 Hardik Vyas 2023-06-05 12:00:43 UTC 
*** Bug 2211636 has been marked as a duplicate of this bug. ***
Comment 21 errata-xmlrpc 2023-07-06 02:22:43 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:3915 https://access.redhat.com/errata/RHSA-2023:3915
Comment 22 errata-xmlrpc 2023-07-06 02:32:57 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2023:3911 https://access.redhat.com/errata/RHSA-2023:3911
Comment 23 errata-xmlrpc 2023-07-06 02:44:36 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:3914 https://access.redhat.com/errata/RHSA-2023:3914
Comment 24 errata-xmlrpc 2023-07-06 02:57:44 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2023:3910 https://access.redhat.com/errata/RHSA-2023:3910
Comment 25 errata-xmlrpc 2023-07-06 14:02:22 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:3925 https://access.redhat.com/errata/RHSA-2023:3925
Comment 26 errata-xmlrpc 2023-07-06 14:10:19 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:3924 https://access.redhat.com/errata/RHSA-2023:3924
Comment 34 Product Security DevOps Team 2023-07-14 21:55:14 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-3089
Comment 38 errata-xmlrpc 2023-07-17 16:29:44 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.2 for RHEL 8

Via RHSA-2023:4112 https://access.redhat.com/errata/RHSA-2023:4112
Comment 39 errata-xmlrpc 2023-07-17 16:29:50 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.3 for RHEL 8

Via RHSA-2023:4113 https://access.redhat.com/errata/RHSA-2023:4113
Comment 40 errata-xmlrpc 2023-07-17 16:29:58 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.4 for RHEL 8

Via RHSA-2023:4114 https://access.redhat.com/errata/RHSA-2023:4114
Comment 43 errata-xmlrpc 2023-07-18 23:11:26 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8

Via RHSA-2023:4204 https://access.redhat.com/errata/RHSA-2023:4204
Comment 49 errata-xmlrpc 2023-07-20 16:12:43 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.11 on RHEL8

Via RHSA-2023:4238 https://access.redhat.com/errata/RHSA-2023:4238
Comment 50 errata-xmlrpc 2023-07-20 16:16:32 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.10 on RHEL8

Via RHSA-2023:4241 https://access.redhat.com/errata/RHSA-2023:4241
Comment 51 errata-xmlrpc 2023-07-20 17:29:05 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13
  Ironic content for Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093
Comment 53 errata-xmlrpc 2023-07-25 18:31:33 UTC 
This issue has been addressed in the following products:

  DEVWORKSPACE-1.0-RHEL-8

Via RHSA-2023:4276 https://access.redhat.com/errata/RHSA-2023:4276
Comment 56 errata-xmlrpc 2023-07-26 16:57:56 UTC 
This issue has been addressed in the following products:

  RHODF-4.12-RHEL-8

Via RHSA-2023:4287 https://access.redhat.com/errata/RHSA-2023:4287
Comment 57 errata-xmlrpc 2023-07-26 17:12:09 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Dev Spaces 3 Containers

Via RHSA-2023:4286 https://access.redhat.com/errata/RHSA-2023:4286
Comment 58 errata-xmlrpc 2023-07-27 00:59:31 UTC 
This issue has been addressed in the following products:

  OSE-OSC-1.4-RHEL-9

Via RHSA-2023:4290 https://access.redhat.com/errata/RHSA-2023:4290
Comment 60 errata-xmlrpc 2023-08-01 14:51:31 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.12

Via RHSA-2023:4421 https://access.redhat.com/errata/RHSA-2023:4421
Comment 62 errata-xmlrpc 2023-08-02 16:07:41 UTC 
This issue has been addressed in the following products:

  RHODF-4.13-RHEL-9

Via RHSA-2023:4437 https://access.redhat.com/errata/RHSA-2023:4437
Comment 64 errata-xmlrpc 2023-08-03 14:55:34 UTC 
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2023:4471 https://access.redhat.com/errata/RHSA-2023:4471
Comment 65 errata-xmlrpc 2023-08-03 15:51:29 UTC 
This issue has been addressed in the following products:

  RHOSS-1.29-RHEL-8

Via RHSA-2023:4472 https://access.redhat.com/errata/RHSA-2023:4472
Comment 66 errata-xmlrpc 2023-08-03 18:44:11 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:4475 https://access.redhat.com/errata/RHSA-2023:4475
Comment 67 errata-xmlrpc 2023-08-08 11:17:37 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:4456 https://access.redhat.com/errata/RHSA-2023:4456
Comment 68 errata-xmlrpc 2023-08-08 17:44:38 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2023:4575 https://access.redhat.com/errata/RHSA-2023:4575
Comment 69 errata-xmlrpc 2023-08-08 18:00:44 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:4576 https://access.redhat.com/errata/RHSA-2023:4576
Comment 70 errata-xmlrpc 2023-08-14 19:53:14 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.2 for RHEL 8

Via RHSA-2023:4650 https://access.redhat.com/errata/RHSA-2023:4650
Comment 71 errata-xmlrpc 2023-08-15 15:13:54 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:4654 https://access.redhat.com/errata/RHSA-2023:4654
Comment 72 errata-xmlrpc 2023-08-16 14:09:47 UTC 
This issue has been addressed in the following products:

  RHEL-9-CNV-4.13

Via RHSA-2023:4664 https://access.redhat.com/errata/RHSA-2023:4664
Comment 74 errata-xmlrpc 2023-08-29 16:10:16 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.3 for RHEL 8

Via RHSA-2023:4862 https://access.redhat.com/errata/RHSA-2023:4862
Comment 75 errata-xmlrpc 2023-08-30 14:18:48 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8

Via RHSA-2023:4875 https://access.redhat.com/errata/RHSA-2023:4875
Comment 78 errata-xmlrpc 2023-09-05 13:04:49 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.1 for RHEL 8

Via RHSA-2023:4972 https://access.redhat.com/errata/RHSA-2023:4972
Comment 79 errata-xmlrpc 2023-09-05 15:51:27 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2023:4980 https://access.redhat.com/errata/RHSA-2023:4980
Comment 80 errata-xmlrpc 2023-09-12 13:06:17 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.11

Via RHSA-2023:5103 https://access.redhat.com/errata/RHSA-2023:5103
Comment 82 errata-xmlrpc 2023-10-31 12:54:44 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006
Comment 83 errata-xmlrpc 2023-10-31 14:02:02 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009
Note You need to log in before you can comment on or make changes to this bug.