2243296 – (CVE-2023-39325) CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

Bug 2243296 (CVE-2023-39325) - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

Summary: CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause e...

Keywords:
Status:	NEW
Alias:	CVE-2023-39325
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2242010 (view as bug list)
Depends On:	2243237 2243238 2243239 2243240 2243562 2243605 2244036 2244047 2244058 2246153 2246154 2246155 2246156 2246157 2246158 2246159 2246160 2246161 2246162 2246163 2243212 2243219 2243220 2243221 2243222 2243223 2243224 2243227 2243242 2243243 2243281 2243558 2243559 2243560 2243561 2243564 2243616 2243617 2243641 2243696 2243832 2243833 2243834 2243837 2243838 2243878 2243879 2243880 2243881 2243886 2243887 2243888 2243890 2243891 2243892 2243893 2243894 2243895 2243896 2243897 2243898 2243899 2243900 2243901 2243902 2243903 2243904 2243905 2243906 2243907 2243908 2243909 2243910 2243911 2243912 2243913 2243914 2243915 2243916 2243917 2243918 2243919 2243920 2243921 2243922 2243923 2243924 2243925 2243926 2243927 2243928 2243929 2243930 2243931 2243932 2243933 2243934 2243935 2243936 2243937 2243938 2243939 2243940 2243941 2243942 2243943 2243944 2243945 2243946 2243947 2243948 2243949 2243950 2243951 2243952 2243953 2243954 2243955 2243956 2243957 2243958 2243959 2243960 2243961 2243962 2243963 2243964 2243965 2243966 2243967 2243968 2243969 2243970 2243971 2243972 2243973 2243974 2243975 2243976 2243977 2243978 2243979 2243980 2243981 2243982 2243983 2243984 2243985 2243986 2243987 2243988 2243989 2243990 2243991 2243992 2243993 2243994 2243995 2243996 2243997 2243998 2243999 2244000 2244001 2244002 2244003 2244004 2244005 2244006 2244007 2244008 2244009 2244010 2244011 2244013 2244014 2244015 2244016 2244017 2244018 2244019 2244020 2244021 2244022 2244023 2244024 2244025 2244026 2244027 2244028 2244029 2244030 2244031 2244033 2244034 2244035 2244037 2244038 2244040 2244041 2244042 2244043 2244044 2244045 2244046 2244048 2244049 2244050 2244051 2244052 2244053 2244054 2244055 2244056 2244057 2244059 2244060 2244061 2244062 2244063 2244064 2244065 2244066 2244067 2244068 2244069 2244070 2244071 2244072 2244073 2244074 2244075 2244076 2244077 2244078 2244079 2244080 2244081 2244082 2244083 2244084 2244085 2244086 2244087 2244088 2244089 2244090 2244091 2244092 2244094 2244858 2245036 2245037 2245039 2245040 2245079 2245101 2245302 2245303 2245304 2245305 2245306 2245307 2245308 2245309 2246164 2246165 2246166 2246167 2247598
Blocks:	2241333 2243139
TreeView+	depends on / blocked

Reported:	2023-10-11 16:14 UTC by Zack Miele
Modified:	2024-04-18 11:59 UTC (History)
CC List:	80 users (show)
Fixed In Version:	golang 1.21.3, golang 1.20.10
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2023:5759	None	None	None	2023-10-16 17:47:09 UTC
Red Hat Product Errata	RHBA-2023:5762	None	None	None	2023-10-17 08:27:59 UTC
Red Hat Product Errata	RHBA-2023:5782	None	None	None	2023-10-17 12:45:21 UTC
Red Hat Product Errata	RHBA-2023:5885	None	None	None	2023-10-19 01:48:51 UTC
Red Hat Product Errata	RHBA-2023:5893	None	None	None	2023-10-19 05:30:10 UTC
Red Hat Product Errata	RHBA-2023:5894	None	None	None	2023-10-19 05:46:52 UTC
Red Hat Product Errata	RHBA-2023:6038	None	None	None	2023-10-23 16:41:43 UTC
Red Hat Product Errata	RHBA-2023:6099	None	None	None	2023-10-25 01:23:17 UTC
Red Hat Product Errata	RHBA-2023:6108	None	None	None	2023-10-25 12:15:44 UTC
Red Hat Product Errata	RHBA-2023:6806	None	None	None	2023-11-08 10:40:24 UTC
Red Hat Product Errata	RHBA-2023:6807	None	None	None	2023-11-08 10:40:42 UTC
Red Hat Product Errata	RHBA-2023:7563	None	None	None	2023-11-28 19:22:49 UTC
Red Hat Product Errata	RHBA-2023:7706	None	None	None	2023-12-07 16:21:41 UTC
Red Hat Product Errata	RHBA-2024:0339	None	None	None	2024-01-23 06:46:49 UTC
Red Hat Product Errata	RHSA-2023:5005	None	None	None	2023-10-31 10:41:12 UTC
Red Hat Product Errata	RHSA-2023:5006	None	None	None	2023-10-31 12:55:06 UTC
Red Hat Product Errata	RHSA-2023:5007	None	None	None	2023-10-31 13:45:33 UTC
Red Hat Product Errata	RHSA-2023:5009	None	None	None	2023-10-31 14:02:32 UTC
Red Hat Product Errata	RHSA-2023:5530	None	None	None	2023-10-20 05:04:54 UTC
Red Hat Product Errata	RHSA-2023:5541	None	None	None	2023-10-20 04:12:17 UTC
Red Hat Product Errata	RHSA-2023:5542	None	None	None	2023-10-24 12:02:25 UTC
Red Hat Product Errata	RHSA-2023:5672	None	None	None	2023-10-17 18:07:25 UTC
Red Hat Product Errata	RHSA-2023:5675	None	None	None	2023-10-17 18:23:15 UTC
Red Hat Product Errata	RHSA-2023:5677	None	None	None	2023-10-18 03:01:30 UTC
Red Hat Product Errata	RHSA-2023:5679	None	None	None	2023-10-18 03:16:13 UTC
Red Hat Product Errata	RHSA-2023:5697	None	None	None	2023-10-18 14:47:38 UTC
Red Hat Product Errata	RHSA-2023:5717	None	None	None	2023-10-18 15:04:04 UTC
Red Hat Product Errata	RHSA-2023:5719	None	None	None	2023-10-16 11:28:27 UTC
Red Hat Product Errata	RHSA-2023:5721	None	None	None	2023-10-16 12:31:24 UTC
Red Hat Product Errata	RHSA-2023:5738	None	None	None	2023-10-16 13:57:24 UTC
Red Hat Product Errata	RHSA-2023:5805	None	None	None	2023-10-17 17:40:32 UTC
Red Hat Product Errata	RHSA-2023:5809	None	None	None	2023-10-17 18:44:50 UTC
Red Hat Product Errata	RHSA-2023:5810	None	None	None	2023-10-17 18:48:11 UTC
Red Hat Product Errata	RHSA-2023:5835	None	None	None	2023-10-18 07:54:33 UTC
Red Hat Product Errata	RHSA-2023:5851	None	None	None	2023-10-18 16:23:32 UTC
Red Hat Product Errata	RHSA-2023:5863	None	None	None	2023-10-18 22:55:52 UTC
Red Hat Product Errata	RHSA-2023:5864	None	None	None	2023-10-18 22:51:51 UTC
Red Hat Product Errata	RHSA-2023:5865	None	None	None	2023-10-18 22:52:31 UTC
Red Hat Product Errata	RHSA-2023:5866	None	None	None	2023-10-18 22:52:11 UTC
Red Hat Product Errata	RHSA-2023:5867	None	None	None	2023-10-18 22:55:35 UTC
Red Hat Product Errata	RHSA-2023:5895	None	None	None	2023-10-25 00:59:13 UTC
Red Hat Product Errata	RHSA-2023:5931	None	None	None	2023-10-19 13:13:21 UTC
Red Hat Product Errata	RHSA-2023:5933	None	None	None	2023-10-26 01:04:51 UTC
Red Hat Product Errata	RHSA-2023:5935	None	None	None	2023-10-19 16:50:47 UTC
Red Hat Product Errata	RHSA-2023:5947	None	None	None	2023-10-26 00:48:13 UTC
Red Hat Product Errata	RHSA-2023:5950	None	None	None	2023-10-19 22:22:57 UTC
Red Hat Product Errata	RHSA-2023:5951	None	None	None	2023-10-19 22:23:18 UTC
Red Hat Product Errata	RHSA-2023:5952	None	None	None	2023-10-19 22:23:43 UTC
Red Hat Product Errata	RHSA-2023:5964	None	None	None	2023-10-20 14:58:04 UTC
Red Hat Product Errata	RHSA-2023:5965	None	None	None	2023-10-20 14:57:36 UTC
Red Hat Product Errata	RHSA-2023:5967	None	None	None	2023-10-20 14:57:07 UTC
Red Hat Product Errata	RHSA-2023:5969	None	None	None	2023-10-20 14:56:40 UTC
Red Hat Product Errata	RHSA-2023:5970	None	None	None	2023-10-20 14:57:43 UTC
Red Hat Product Errata	RHSA-2023:5971	None	None	None	2023-10-20 14:56:54 UTC
Red Hat Product Errata	RHSA-2023:5974	None	None	None	2023-10-20 16:50:25 UTC
Red Hat Product Errata	RHSA-2023:5976	None	None	None	2023-10-20 17:18:57 UTC
Red Hat Product Errata	RHSA-2023:5979	None	None	None	2023-10-20 18:43:28 UTC
Red Hat Product Errata	RHSA-2023:5980	None	None	None	2023-10-20 18:44:10 UTC
Red Hat Product Errata	RHSA-2023:5982	None	None	None	2023-10-20 22:25:20 UTC
Red Hat Product Errata	RHSA-2023:6031	None	None	None	2023-10-23 14:25:26 UTC
Red Hat Product Errata	RHSA-2023:6039	None	None	None	2023-10-23 18:30:58 UTC
Red Hat Product Errata	RHSA-2023:6040	None	None	None	2023-10-23 18:31:17 UTC
Red Hat Product Errata	RHSA-2023:6041	None	None	None	2023-10-23 18:31:29 UTC
Red Hat Product Errata	RHSA-2023:6042	None	None	None	2023-10-23 18:39:43 UTC
Red Hat Product Errata	RHSA-2023:6044	None	None	None	2023-10-23 19:21:43 UTC
Red Hat Product Errata	RHSA-2023:6048	None	None	None	2023-10-23 20:24:58 UTC
Red Hat Product Errata	RHSA-2023:6057	None	None	None	2023-10-23 21:10:25 UTC
Red Hat Product Errata	RHSA-2023:6059	None	None	None	2023-10-23 21:17:32 UTC
Red Hat Product Errata	RHSA-2023:6061	None	None	None	2023-10-23 21:57:44 UTC
Red Hat Product Errata	RHSA-2023:6071	None	None	None	2023-10-24 09:41:06 UTC
Red Hat Product Errata	RHSA-2023:6077	None	None	None	2023-10-24 12:14:29 UTC
Red Hat Product Errata	RHSA-2023:6084	None	None	None	2023-10-24 14:57:09 UTC
Red Hat Product Errata	RHSA-2023:6085	None	None	None	2023-10-24 15:33:00 UTC
Red Hat Product Errata	RHSA-2023:6115	None	None	None	2023-10-25 14:02:24 UTC
Red Hat Product Errata	RHSA-2023:6116	None	None	None	2023-10-25 14:16:56 UTC
Red Hat Product Errata	RHSA-2023:6118	None	None	None	2023-10-25 14:23:44 UTC
Red Hat Product Errata	RHSA-2023:6119	None	None	None	2023-10-25 15:53:13 UTC
Red Hat Product Errata	RHSA-2023:6121	None	None	None	2023-10-25 15:56:08 UTC
Red Hat Product Errata	RHSA-2023:6122	None	None	None	2023-10-25 18:15:43 UTC
Red Hat Product Errata	RHSA-2023:6125	None	None	None	2023-11-01 10:27:45 UTC
Red Hat Product Errata	RHSA-2023:6126	None	None	None	2023-11-01 11:07:31 UTC
Red Hat Product Errata	RHSA-2023:6129	None	None	None	2023-10-30 12:59:29 UTC
Red Hat Product Errata	RHSA-2023:6130	None	None	None	2023-10-30 13:49:33 UTC
Red Hat Product Errata	RHSA-2023:6143	None	None	None	2023-10-26 16:30:04 UTC
Red Hat Product Errata	RHSA-2023:6145	None	None	None	2023-10-26 18:18:41 UTC
Red Hat Product Errata	RHSA-2023:6148	None	None	None	2023-10-26 19:20:54 UTC
Red Hat Product Errata	RHSA-2023:6154	None	None	None	2023-11-01 00:30:56 UTC
Red Hat Product Errata	RHSA-2023:6156	None	None	None	2023-10-30 00:25:18 UTC
Red Hat Product Errata	RHSA-2023:6161	None	None	None	2023-10-30 02:16:41 UTC
Red Hat Product Errata	RHSA-2023:6165	None	None	None	2023-10-30 08:19:30 UTC
Red Hat Product Errata	RHSA-2023:6179	None	None	None	2023-10-30 12:35:16 UTC
Red Hat Product Errata	RHSA-2023:6200	None	None	None	2023-10-30 18:15:59 UTC
Red Hat Product Errata	RHSA-2023:6202	None	None	None	2023-10-30 20:14:40 UTC
Red Hat Product Errata	RHSA-2023:6217	None	None	None	2023-10-31 14:40:49 UTC
Red Hat Product Errata	RHSA-2023:6220	None	None	None	2023-10-31 18:22:19 UTC
Red Hat Product Errata	RHSA-2023:6233	None	None	None	2023-11-01 11:34:44 UTC
Red Hat Product Errata	RHSA-2023:6235	None	None	None	2023-11-01 12:04:44 UTC
Red Hat Product Errata	RHSA-2023:6240	None	None	None	2023-11-01 13:42:03 UTC
Red Hat Product Errata	RHSA-2023:6243	None	None	None	2023-11-01 14:04:21 UTC
Red Hat Product Errata	RHSA-2023:6248	None	None	None	2023-11-01 14:42:32 UTC
Red Hat Product Errata	RHSA-2023:6251	None	None	None	2023-11-01 16:14:51 UTC
Red Hat Product Errata	RHSA-2023:6256	None	None	None	2023-11-08 08:40:19 UTC
Red Hat Product Errata	RHSA-2023:6257	None	None	None	2023-11-08 08:43:29 UTC
Red Hat Product Errata	RHSA-2023:6269	None	None	None	2023-11-15 03:13:05 UTC
Red Hat Product Errata	RHSA-2023:6271	None	None	None	2023-11-08 09:43:55 UTC
Red Hat Product Errata	RHSA-2023:6272	None	None	None	2023-11-08 10:41:36 UTC
Red Hat Product Errata	RHSA-2023:6275	None	None	None	2023-11-08 10:25:36 UTC
Red Hat Product Errata	RHSA-2023:6276	None	None	None	2023-11-08 10:40:57 UTC
Red Hat Product Errata	RHSA-2023:6279	None	None	None	2023-11-15 01:08:39 UTC
Red Hat Product Errata	RHSA-2023:6280	None	None	None	2023-11-02 10:25:16 UTC
Red Hat Product Errata	RHSA-2023:6296	None	None	None	2023-11-02 19:16:15 UTC
Red Hat Product Errata	RHSA-2023:6298	None	None	None	2023-11-03 08:45:51 UTC
Red Hat Product Errata	RHSA-2023:6305	None	None	None	2023-11-06 11:25:04 UTC
Red Hat Product Errata	RHSA-2023:6779	None	None	None	2023-11-08 00:57:35 UTC
Red Hat Product Errata	RHSA-2023:6781	None	None	None	2023-11-08 01:08:17 UTC
Red Hat Product Errata	RHSA-2023:6782	None	None	None	2023-11-08 01:08:03 UTC
Red Hat Product Errata	RHSA-2023:6783	None	None	None	2023-11-08 01:18:37 UTC
Red Hat Product Errata	RHSA-2023:6784	None	None	None	2023-11-08 01:27:42 UTC
Red Hat Product Errata	RHSA-2023:6785	None	None	None	2023-11-08 01:37:38 UTC
Red Hat Product Errata	RHSA-2023:6786	None	None	None	2023-11-08 01:46:32 UTC
Red Hat Product Errata	RHSA-2023:6787	None	None	None	2023-11-08 01:54:56 UTC
Red Hat Product Errata	RHSA-2023:6788	None	None	None	2023-11-08 02:05:15 UTC
Red Hat Product Errata	RHSA-2023:6817	None	None	None	2023-11-08 14:03:45 UTC
Red Hat Product Errata	RHSA-2023:6818	None	None	None	2023-11-08 14:17:39 UTC
Red Hat Product Errata	RHSA-2023:6828	None	None	None	2023-11-08 18:35:07 UTC
Red Hat Product Errata	RHSA-2023:6832	None	None	None	2023-11-08 18:49:55 UTC
Red Hat Product Errata	RHSA-2023:6836	None	None	None	2023-11-15 00:47:53 UTC
Red Hat Product Errata	RHSA-2023:6837	None	None	None	2023-11-15 04:22:41 UTC
Red Hat Product Errata	RHSA-2023:6839	None	None	None	2023-11-15 18:10:48 UTC
Red Hat Product Errata	RHSA-2023:6840	None	None	None	2023-11-15 04:38:24 UTC
Red Hat Product Errata	RHSA-2023:6841	None	None	None	2023-11-16 20:14:55 UTC
Red Hat Product Errata	RHSA-2023:6842	None	None	None	2023-11-16 20:32:03 UTC
Red Hat Product Errata	RHSA-2023:6845	None	None	None	2023-11-15 00:43:18 UTC
Red Hat Product Errata	RHSA-2023:6846	None	None	None	2023-11-15 01:46:06 UTC
Red Hat Product Errata	RHSA-2023:6893	None	None	None	2023-11-21 12:20:52 UTC
Red Hat Product Errata	RHSA-2023:6894	None	None	None	2023-11-21 12:36:37 UTC
Red Hat Product Errata	RHSA-2023:7197	None	None	None	2024-02-27 19:47:48 UTC
Red Hat Product Errata	RHSA-2023:7198	None	None	None	2024-02-27 20:49:47 UTC
Red Hat Product Errata	RHSA-2023:7200	None	None	None	2024-02-27 22:46:47 UTC
Red Hat Product Errata	RHSA-2023:7201	None	None	None	2024-02-27 22:28:28 UTC
Red Hat Product Errata	RHSA-2023:7215	None	None	None	2023-11-15 00:16:43 UTC
Red Hat Product Errata	RHSA-2023:7288	None	None	None	2023-11-15 19:24:25 UTC
Red Hat Product Errata	RHSA-2023:7315	None	None	None	2023-11-21 11:26:55 UTC
Red Hat Product Errata	RHSA-2023:7322	None	None	None	2023-11-21 11:29:06 UTC
Red Hat Product Errata	RHSA-2023:7323	None	None	None	2023-11-21 11:28:29 UTC
Red Hat Product Errata	RHSA-2023:7325	None	None	None	2023-11-21 11:59:01 UTC
Red Hat Product Errata	RHSA-2023:7342	None	None	None	2023-11-16 20:48:45 UTC
Red Hat Product Errata	RHSA-2023:7344	None	None	None	2023-11-20 07:50:55 UTC
Red Hat Product Errata	RHSA-2023:7345	None	None	None	2023-11-20 08:34:35 UTC
Red Hat Product Errata	RHSA-2023:7469	None	None	None	2023-11-29 10:28:14 UTC
Red Hat Product Errata	RHSA-2023:7470	None	None	None	2023-11-29 11:37:47 UTC
Red Hat Product Errata	RHSA-2023:7474	None	None	None	2023-11-29 00:34:23 UTC
Red Hat Product Errata	RHSA-2023:7475	None	None	None	2023-11-29 01:47:54 UTC
Red Hat Product Errata	RHSA-2023:7478	None	None	None	2023-11-29 00:45:21 UTC
Red Hat Product Errata	RHSA-2023:7479	None	None	None	2023-11-29 01:41:29 UTC
Red Hat Product Errata	RHSA-2023:7515	None	None	None	2023-11-27 16:08:46 UTC
Red Hat Product Errata	RHSA-2023:7521	None	None	None	2023-11-28 13:14:04 UTC
Red Hat Product Errata	RHSA-2023:7522	None	None	None	2023-11-28 13:45:24 UTC
Red Hat Product Errata	RHSA-2023:7555	None	None	None	2023-11-28 18:51:23 UTC
Red Hat Product Errata	RHSA-2023:7599	None	None	None	2023-12-05 09:57:22 UTC
Red Hat Product Errata	RHSA-2023:7602	None	None	None	2023-12-06 00:16:21 UTC
Red Hat Product Errata	RHSA-2023:7604	None	None	None	2023-12-06 00:34:47 UTC
Red Hat Product Errata	RHSA-2023:7607	None	None	None	2023-12-06 16:55:04 UTC
Red Hat Product Errata	RHSA-2023:7608	None	None	None	2023-12-06 17:56:03 UTC
Red Hat Product Errata	RHSA-2023:7610	None	None	None	2023-12-06 18:13:29 UTC
Red Hat Product Errata	RHSA-2023:7662	None	None	None	2023-12-06 00:21:05 UTC
Red Hat Product Errata	RHSA-2023:7682	None	None	None	2023-12-12 09:49:02 UTC
Red Hat Product Errata	RHSA-2023:7687	None	None	None	2023-12-13 00:13:39 UTC
Red Hat Product Errata	RHSA-2023:7690	None	None	None	2023-12-13 21:03:52 UTC
Red Hat Product Errata	RHSA-2023:7691	None	None	None	2023-12-13 21:45:41 UTC
Red Hat Product Errata	RHSA-2023:7699	None	None	None	2023-12-07 14:23:41 UTC
Red Hat Product Errata	RHSA-2023:7703	None	None	None	2023-12-07 14:57:27 UTC
Red Hat Product Errata	RHSA-2023:7704	None	None	None	2023-12-07 15:00:58 UTC
Red Hat Product Errata	RHSA-2023:7710	None	None	None	2023-12-11 00:22:07 UTC
Red Hat Product Errata	RHSA-2023:7741	None	None	None	2023-12-12 13:56:26 UTC
Red Hat Product Errata	RHSA-2023:7823	None	None	None	2024-01-04 14:41:49 UTC
Red Hat Product Errata	RHSA-2023:7827	None	None	None	2024-01-04 14:22:18 UTC
Red Hat Product Errata	RHSA-2023:7831	None	None	None	2024-01-03 20:04:43 UTC
Red Hat Product Errata	RHSA-2024:0050	None	None	None	2024-01-09 16:55:47 UTC
Red Hat Product Errata	RHSA-2024:0059	None	None	None	2024-01-10 00:23:59 UTC
Red Hat Product Errata	RHSA-2024:0193	None	None	None	2024-01-17 09:48:17 UTC
Red Hat Product Errata	RHSA-2024:0198	None	None	None	2024-01-17 18:21:29 UTC
Red Hat Product Errata	RHSA-2024:0269	None	None	None	2024-02-28 00:20:35 UTC
Red Hat Product Errata	RHSA-2024:0273	None	None	None	2024-01-17 08:30:05 UTC
Red Hat Product Errata	RHSA-2024:0290	None	None	None	2024-01-23 20:26:19 UTC
Red Hat Product Errata	RHSA-2024:0302	None	None	None	2024-03-06 13:33:36 UTC
Red Hat Product Errata	RHSA-2024:0306	None	None	None	2024-01-24 20:55:00 UTC
Red Hat Product Errata	RHSA-2024:0484	None	None	None	2024-02-01 19:05:59 UTC
Red Hat Product Errata	RHSA-2024:0485	None	None	None	2024-01-31 16:19:09 UTC
Red Hat Product Errata	RHSA-2024:0642	None	None	None	2024-02-07 17:36:46 UTC
Red Hat Product Errata	RHSA-2024:0660	None	None	None	2024-02-07 15:07:50 UTC
Red Hat Product Errata	RHSA-2024:0664	None	None	None	2024-02-08 19:31:30 UTC
Red Hat Product Errata	RHSA-2024:0682	None	None	None	2024-02-08 18:42:54 UTC
Red Hat Product Errata	RHSA-2024:0741	None	None	None	2024-02-14 06:34:44 UTC
Red Hat Product Errata	RHSA-2024:0766	None	None	None	2024-02-28 08:11:18 UTC
Red Hat Product Errata	RHSA-2024:0777	None	None	None	2024-02-12 10:25:49 UTC
Red Hat Product Errata	RHSA-2024:0833	None	None	None	2024-02-21 01:44:28 UTC
Red Hat Product Errata	RHSA-2024:0837	None	None	None	2024-02-20 15:27:19 UTC
Red Hat Product Errata	RHSA-2024:0941	None	None	None	2024-02-28 00:21:42 UTC
Red Hat Product Errata	RHSA-2024:0946	None	None	None	2024-02-28 14:04:08 UTC
Red Hat Product Errata	RHSA-2024:0954	None	None	None	2024-02-27 15:16:53 UTC
Red Hat Product Errata	RHSA-2024:1037	None	None	None	2024-03-06 14:46:55 UTC
Red Hat Product Errata	RHSA-2024:1052	None	None	None	2024-03-06 00:38:31 UTC
Red Hat Product Errata	RHSA-2024:1449	None	None	None	2024-03-27 11:18:49 UTC
Red Hat Product Errata	RHSA-2024:1454	None	None	None	2024-03-27 00:32:29 UTC
Red Hat Product Errata	RHSA-2024:1458	None	None	None	2024-03-27 00:25:56 UTC
Red Hat Product Errata	RHSA-2024:1464	None	None	None	2024-03-27 19:51:34 UTC
Red Hat Product Errata	RHSA-2024:1572	None	None	None	2024-04-03 06:58:01 UTC
Red Hat Product Errata	RHSA-2024:1765	None	None	None	2024-04-18 11:59:15 UTC
Red Hat Product Errata	RHSA-2024:1770	None	None	None	2024-04-16 14:53:11 UTC

Description Zack Miele 2023-10-11 16:14:49 UTC

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded to the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing.

This CVE is specific to golang, but is also tracked as CVE-2023-44487.

Comment 128 TEJ RATHI 2023-10-12 07:50:08 UTC

Created golang tracking bugs for this issue:

Affects: epel-all [bug 2243616]
Affects: fedora-all [bug 2243617]

Comment 187 errata-xmlrpc 2023-10-16 11:28:16 UTC

This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2023:5719 https://access.redhat.com/errata/RHSA-2023:5719

Comment 188 errata-xmlrpc 2023-10-16 12:31:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5721 https://access.redhat.com/errata/RHSA-2023:5721

Comment 192 errata-xmlrpc 2023-10-16 13:57:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5738 https://access.redhat.com/errata/RHSA-2023:5738

Comment 233 Anten Skrabec 2023-10-16 19:49:32 UTC

*** Bug 2242010 has been marked as a duplicate of this bug. ***

Comment 237 errata-xmlrpc 2023-10-17 17:40:27 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 8
  Red Hat Ansible Automation Platform 2.4 for RHEL 9

Via RHSA-2023:5805 https://access.redhat.com/errata/RHSA-2023:5805

Comment 238 errata-xmlrpc 2023-10-17 18:07:20 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:5672 https://access.redhat.com/errata/RHSA-2023:5672

Comment 239 errata-xmlrpc 2023-10-17 18:23:11 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:5675 https://access.redhat.com/errata/RHSA-2023:5675

Comment 240 errata-xmlrpc 2023-10-17 18:44:45 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.2 for RHEL 8
  Red Hat Ansible Automation Platform 2.2 for RHEL 9

Via RHSA-2023:5809 https://access.redhat.com/errata/RHSA-2023:5809

Comment 241 errata-xmlrpc 2023-10-17 18:48:06 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.3 for RHEL 8
  Red Hat Ansible Automation Platform 2.3 for RHEL 9

Via RHSA-2023:5810 https://access.redhat.com/errata/RHSA-2023:5810

Comment 243 errata-xmlrpc 2023-10-18 03:01:24 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:5677 https://access.redhat.com/errata/RHSA-2023:5677

Comment 244 errata-xmlrpc 2023-10-18 03:16:08 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:5679 https://access.redhat.com/errata/RHSA-2023:5679

Comment 245 errata-xmlrpc 2023-10-18 07:54:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5835 https://access.redhat.com/errata/RHSA-2023:5835

Comment 248 Nick Boldt 2023-10-18 11:39:29 UTC

RHEL9 advisory: https://access.redhat.com/errata/RHSA-2023:5738

Fixed in package: golang-1.19.13-1.el9_2.x86_64.rpm

New base image rhel9/go-toolset:1.19.13-4 contains rpm golang-1.19.13-1.el9_2.x86_64.

$➔ podman run -it --rm --entrypoint /bin/bash --user root registry.redhat.io/rhel9/go-toolset:1.19.13-4 -c "go version; rpm -qa | grep golang-"

go version go1.19.13 linux/amd64

golang-src-1.19.13-1.el9_2.noarch
golang-bin-1.19.13-1.el9_2.x86_64
golang-1.19.13-1.el9_2.x86_64

Comment 249 Nick Boldt 2023-10-18 11:46:39 UTC

RHEL8 advisory: https://access.redhat.com/errata/RHSA-2023:5721

Fixed in package: golang-1.19.13-1.module+el8.8.0+20373+d9cd605c 

New base image rhel8/go-toolset:1.19.13-2 @ https://catalog.redhat.com/software/containers/rhel8/go-toolset/5b9c810add19c70b45cbd666

Comment 250 errata-xmlrpc 2023-10-18 14:47:32 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:5697 https://access.redhat.com/errata/RHSA-2023:5697

Comment 251 errata-xmlrpc 2023-10-18 15:04:00 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:5717 https://access.redhat.com/errata/RHSA-2023:5717

Comment 253 errata-xmlrpc 2023-10-18 16:23:26 UTC

This issue has been addressed in the following products:

  RHACS-4.1-RHEL-8

Via RHSA-2023:5851 https://access.redhat.com/errata/RHSA-2023:5851

Comment 259 errata-xmlrpc 2023-10-18 22:51:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5864 https://access.redhat.com/errata/RHSA-2023:5864

Comment 260 errata-xmlrpc 2023-10-18 22:52:06 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5866 https://access.redhat.com/errata/RHSA-2023:5866

Comment 261 errata-xmlrpc 2023-10-18 22:52:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5865 https://access.redhat.com/errata/RHSA-2023:5865

Comment 262 errata-xmlrpc 2023-10-18 22:55:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5867 https://access.redhat.com/errata/RHSA-2023:5867

Comment 263 errata-xmlrpc 2023-10-18 22:55:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5863 https://access.redhat.com/errata/RHSA-2023:5863

Comment 268 errata-xmlrpc 2023-10-19 13:13:16 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.13 for RHEL 8

Via RHSA-2023:5931 https://access.redhat.com/errata/RHSA-2023:5931

Comment 270 errata-xmlrpc 2023-10-19 16:50:41 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2023:5935 https://access.redhat.com/errata/RHSA-2023:5935

Comment 272 errata-xmlrpc 2023-10-19 22:22:52 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.2 for RHEL 8

Via RHSA-2023:5950 https://access.redhat.com/errata/RHSA-2023:5950

Comment 273 errata-xmlrpc 2023-10-19 22:23:12 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.3 for RHEL 8

Via RHSA-2023:5951 https://access.redhat.com/errata/RHSA-2023:5951

Comment 274 errata-xmlrpc 2023-10-19 22:23:38 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.4 for RHEL 8

Via RHSA-2023:5952 https://access.redhat.com/errata/RHSA-2023:5952

Comment 275 errata-xmlrpc 2023-10-20 04:12:11 UTC

This issue has been addressed in the following products:

  RHOL-5.6-RHEL-8

Via RHSA-2023:5541 https://access.redhat.com/errata/RHSA-2023:5541

Comment 276 errata-xmlrpc 2023-10-20 05:04:48 UTC

This issue has been addressed in the following products:

  RHOL-5.7-RHEL-8

Via RHSA-2023:5530 https://access.redhat.com/errata/RHSA-2023:5530

Comment 277 errata-xmlrpc 2023-10-20 14:56:34 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1

Via RHSA-2023:5969 https://access.redhat.com/errata/RHSA-2023:5969

Comment 278 errata-xmlrpc 2023-10-20 14:56:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1

Via RHSA-2023:5971 https://access.redhat.com/errata/RHSA-2023:5971

Comment 279 errata-xmlrpc 2023-10-20 14:56:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1

Via RHSA-2023:5970 https://access.redhat.com/errata/RHSA-2023:5970

Comment 280 errata-xmlrpc 2023-10-20 14:57:01 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2023:5967 https://access.redhat.com/errata/RHSA-2023:5967

Comment 281 errata-xmlrpc 2023-10-20 14:57:30 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2023:5965 https://access.redhat.com/errata/RHSA-2023:5965

Comment 282 errata-xmlrpc 2023-10-20 14:57:59 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2023:5964 https://access.redhat.com/errata/RHSA-2023:5964

Comment 283 errata-xmlrpc 2023-10-20 16:50:18 UTC

This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.4.0-RHEL-9

Via RHSA-2023:5974 https://access.redhat.com/errata/RHSA-2023:5974

Comment 284 errata-xmlrpc 2023-10-20 17:18:50 UTC

This issue has been addressed in the following products:

  STF-1.5-RHEL-8

Via RHSA-2023:5976 https://access.redhat.com/errata/RHSA-2023:5976

Comment 286 errata-xmlrpc 2023-10-20 18:43:21 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.12 for RHEL 8

Via RHSA-2023:5979 https://access.redhat.com/errata/RHSA-2023:5979

Comment 287 errata-xmlrpc 2023-10-20 18:44:04 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2023:5980 https://access.redhat.com/errata/RHSA-2023:5980

Comment 289 errata-xmlrpc 2023-10-20 22:25:14 UTC

This issue has been addressed in the following products:

  Satellite Client 6 for RHEL 6
  Satellite Client 6 for RHEL 7
  Satellite Client 6 for RHEL 8
  Satellite Client 6 for RHEL 9

Via RHSA-2023:5982 https://access.redhat.com/errata/RHSA-2023:5982

Comment 293 errata-xmlrpc 2023-10-23 14:24:54 UTC

This issue has been addressed in the following products:

  Cryostat 2 on RHEL 8

Via RHSA-2023:6031 https://access.redhat.com/errata/RHSA-2023:6031

Comment 296 Dave Dykstra 2023-10-23 17:54:52 UTC

(In reply to Nick Boldt from comment #249)
> RHEL8 advisory: https://access.redhat.com/errata/RHSA-2023:5721
> 
> Fixed in package: golang-1.19.13-1.module+el8.8.0+20373+d9cd605c 
> 
> New base image rhel8/go-toolset:1.19.13-2 @
> https://catalog.redhat.com/software/containers/rhel8/go-toolset/5b9c810add19c70b45cbd666

I'm the maintainer of golang for EPEL7 which I base on RHEL8, so I looked at this source package in detail.  I do not believe that it has a fix for the Important CVE-2023-39325 as claimed.  It was fixed upstream only in golang 1.21.3 and 1.20.10 and I do not see the patch backported.  Here for example is the commit that backported it to go 1.20.10: https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68

Comment 297 errata-xmlrpc 2023-10-23 18:30:53 UTC

This issue has been addressed in the following products:

  Node Maintenance Operator 5.0 for RHEL 8

Via RHSA-2023:6039 https://access.redhat.com/errata/RHSA-2023:6039

Comment 298 errata-xmlrpc 2023-10-23 18:31:12 UTC

This issue has been addressed in the following products:

  Node Maintenance Operator 5.2 for RHEL 8

Via RHSA-2023:6040 https://access.redhat.com/errata/RHSA-2023:6040

Comment 299 errata-xmlrpc 2023-10-23 18:31:24 UTC

This issue has been addressed in the following products:

  Self Node Remediation 0.7 for RHEL 8

Via RHSA-2023:6041 https://access.redhat.com/errata/RHSA-2023:6041

Comment 300 errata-xmlrpc 2023-10-23 18:39:37 UTC

This issue has been addressed in the following products:

  Self Node Remediation 0.5 for RHEL 8

Via RHSA-2023:6042 https://access.redhat.com/errata/RHSA-2023:6042

Comment 301 errata-xmlrpc 2023-10-23 19:21:37 UTC

This issue has been addressed in the following products:

  Cost Management for RHEL 8

Via RHSA-2023:6044 https://access.redhat.com/errata/RHSA-2023:6044

Comment 302 errata-xmlrpc 2023-10-23 20:24:51 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.2

Via RHSA-2023:6048 https://access.redhat.com/errata/RHSA-2023:6048

Comment 303 errata-xmlrpc 2023-10-23 21:10:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:6057 https://access.redhat.com/errata/RHSA-2023:6057

Comment 304 errata-xmlrpc 2023-10-23 21:17:26 UTC

This issue has been addressed in the following products:

  OpenShift-Pipelines-1.12-RHEL-8

Via RHSA-2023:6059 https://access.redhat.com/errata/RHSA-2023:6059

Comment 305 errata-xmlrpc 2023-10-23 21:57:39 UTC

This issue has been addressed in the following products:

  OpenShift-Pipelines-1.12-RHEL-8

Via RHSA-2023:6061 https://access.redhat.com/errata/RHSA-2023:6061

Comment 307 errata-xmlrpc 2023-10-24 09:41:02 UTC

This issue has been addressed in the following products:

  RHACS-4.0-RHEL-8

Via RHSA-2023:6071 https://access.redhat.com/errata/RHSA-2023:6071

Comment 308 errata-xmlrpc 2023-10-24 12:02:19 UTC

This issue has been addressed in the following products:

  RHOL-5.5-RHEL-8

Via RHSA-2023:5542 https://access.redhat.com/errata/RHSA-2023:5542

Comment 309 errata-xmlrpc 2023-10-24 12:14:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6077 https://access.redhat.com/errata/RHSA-2023:6077

Comment 310 errata-xmlrpc 2023-10-24 14:57:03 UTC

This issue has been addressed in the following products:

  RHACS-3.74-RHEL-8

Via RHSA-2023:6084 https://access.redhat.com/errata/RHSA-2023:6084

Comment 311 errata-xmlrpc 2023-10-24 15:32:54 UTC

This issue has been addressed in the following products:

  Red Hat Openshift distributed tracing 2.9

Via RHSA-2023:6085 https://access.redhat.com/errata/RHSA-2023:6085

Comment 312 errata-xmlrpc 2023-10-25 00:59:08 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:5895 https://access.redhat.com/errata/RHSA-2023:5895

Comment 313 errata-xmlrpc 2023-10-25 14:02:19 UTC

This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2023:6115 https://access.redhat.com/errata/RHSA-2023:6115

Comment 314 errata-xmlrpc 2023-10-25 14:16:49 UTC

This issue has been addressed in the following products:

  OADP-1.0-RHEL-8

Via RHSA-2023:6116 https://access.redhat.com/errata/RHSA-2023:6116

Comment 315 errata-xmlrpc 2023-10-25 14:23:38 UTC

This issue has been addressed in the following products:

  OADP-1.2-RHEL-8

Via RHSA-2023:6118 https://access.redhat.com/errata/RHSA-2023:6118

Comment 316 errata-xmlrpc 2023-10-25 15:53:07 UTC

This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.3 for RHEL 8

Via RHSA-2023:6119 https://access.redhat.com/errata/RHSA-2023:6119

Comment 317 errata-xmlrpc 2023-10-25 15:56:02 UTC

This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.8

Via RHSA-2023:6121 https://access.redhat.com/errata/RHSA-2023:6121

Comment 320 errata-xmlrpc 2023-10-25 18:15:29 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8

Via RHSA-2023:6122 https://access.redhat.com/errata/RHSA-2023:6122

Comment 321 errata-xmlrpc 2023-10-26 00:48:08 UTC

This issue has been addressed in the following products:

  RODOO-1.0-RHEL-8

Via RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947

Comment 322 errata-xmlrpc 2023-10-26 01:04:44 UTC

This issue has been addressed in the following products:

  OSSO-1.1-RHEL-8

Via RHSA-2023:5933 https://access.redhat.com/errata/RHSA-2023:5933

Comment 325 errata-xmlrpc 2023-10-26 16:29:58 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:6143 https://access.redhat.com/errata/RHSA-2023:6143

Comment 326 errata-xmlrpc 2023-10-26 18:18:36 UTC

This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.2 for RHEL 8

Via RHSA-2023:6145 https://access.redhat.com/errata/RHSA-2023:6145

Comment 327 errata-xmlrpc 2023-10-26 19:20:47 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:6148 https://access.redhat.com/errata/RHSA-2023:6148

Comment 330 Nick Boldt 2023-10-27 15:58:26 UTC

(In reply to Dave Dykstra from comment #296)
> (In reply to Nick Boldt from comment #249)
> > RHEL8 advisory: https://access.redhat.com/errata/RHSA-2023:5721
> > 
> > Fixed in package: golang-1.19.13-1.module+el8.8.0+20373+d9cd605c 
> > 
> > New base image rhel8/go-toolset:1.19.13-2 @
> > https://catalog.redhat.com/software/containers/rhel8/go-toolset/5b9c810add19c70b45cbd666
> 
> I'm the maintainer of golang for EPEL7 which I base on RHEL8, so I looked at
> this source package in detail.  I do not believe that it has a fix for the
> Important CVE-2023-39325 as claimed.  It was fixed upstream only in golang
> 1.21.3 and 1.20.10 and I do not see the patch backported.  Here for example
> is the commit that backported it to go 1.20.10:
> https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68

Well, if you look at https://catalog.redhat.com/software/containers/rhel8/go-toolset/5b9c810add19c70b45cbd666?architecture=amd64&image=652d47582fd993af22f76402 (1.19.13-2) and scroll down to the Advisory link for RHBA-2023:5782 --> https://access.redhat.com/errata/RHBA-2023:5782

That advisory states that it contains these fixes

** BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
** BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

There have been two CVE fixes since that one as well:

* https://access.redhat.com/errata/RHBA-2023:5884 -> https://bugzilla.redhat.com/show_bug.cgi?id=2242803 CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
* https://access.redhat.com/errata/RHBA-2023:6051 -> https://bugzilla.redhat.com/show_bug.cgi?id=2235789 CVE-2023-40217 python: TLS handshake bypass

Comment 331 Dave Dykstra 2023-10-27 17:59:31 UTC

(In reply to Nick Boldt from comment #330)
> (In reply to Dave Dykstra from comment #296)
...
> > I'm the maintainer of golang for EPEL7 which I base on RHEL8, so I looked at
> > this source package in detail.  I do not believe that it has a fix for the
> > Important CVE-2023-39325 as claimed.  It was fixed upstream only in golang
> > 1.21.3 and 1.20.10 and I do not see the patch backported.  Here for example
> > is the commit that backported it to go 1.20.10:
> > https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68
> 
> Well, if you look at
> https://catalog.redhat.com/software/containers/rhel8/go-toolset/
> 5b9c810add19c70b45cbd666?architecture=amd64&image=652d47582fd993af22f76402
> (1.19.13-2) and scroll down to the Advisory link for RHBA-2023:5782 -->
> https://access.redhat.com/errata/RHBA-2023:5782
> 
> That advisory states that it contains these fixes
> 
> ** BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers
> are vulnerable to a DDoS attack (Rapid Reset Attack)
> ** BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream
> resets can cause excessive work (CVE-2023-44487)

Ah, now I see that the patch was backported into the second tarball
go1.19.13-2-openssl-fips.tar.gz.  Very good, I'm sorry for the noise.

Dave

Comment 332 errata-xmlrpc 2023-10-30 00:25:13 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6156 https://access.redhat.com/errata/RHSA-2023:6156

Comment 333 errata-xmlrpc 2023-10-30 02:16:36 UTC

This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2023:6161 https://access.redhat.com/errata/RHSA-2023:6161

Comment 334 errata-xmlrpc 2023-10-30 08:19:25 UTC

This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 8
  Service Interconnect 1 for RHEL 9

Via RHSA-2023:6165 https://access.redhat.com/errata/RHSA-2023:6165

Comment 336 errata-xmlrpc 2023-10-30 12:35:09 UTC

This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.13

Via RHSA-2023:6179 https://access.redhat.com/errata/RHSA-2023:6179

Comment 337 errata-xmlrpc 2023-10-30 12:59:24 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6129 https://access.redhat.com/errata/RHSA-2023:6129

Comment 338 errata-xmlrpc 2023-10-30 13:49:28 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6130 https://access.redhat.com/errata/RHSA-2023:6130

Comment 339 errata-xmlrpc 2023-10-30 18:15:53 UTC

This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.1 for RHEL 8

Via RHSA-2023:6200 https://access.redhat.com/errata/RHSA-2023:6200

Comment 340 errata-xmlrpc 2023-10-30 20:14:35 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2023:6202 https://access.redhat.com/errata/RHSA-2023:6202

Comment 341 errata-xmlrpc 2023-10-31 10:41:05 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5005 https://access.redhat.com/errata/RHSA-2023:5005

Comment 342 errata-xmlrpc 2023-10-31 12:55:00 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006

Comment 343 errata-xmlrpc 2023-10-31 13:45:27 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5007 https://access.redhat.com/errata/RHSA-2023:5007

Comment 344 errata-xmlrpc 2023-10-31 14:02:26 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009

Comment 345 errata-xmlrpc 2023-10-31 14:40:44 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:6217 https://access.redhat.com/errata/RHSA-2023:6217

Comment 346 errata-xmlrpc 2023-10-31 18:22:11 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.10

Via RHSA-2023:6220 https://access.redhat.com/errata/RHSA-2023:6220

Comment 347 errata-xmlrpc 2023-11-01 00:30:49 UTC

This issue has been addressed in the following products:

  OSSO-1.2-RHEL-8

Via RHSA-2023:6154 https://access.redhat.com/errata/RHSA-2023:6154

Comment 348 errata-xmlrpc 2023-11-01 10:27:38 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6125 https://access.redhat.com/errata/RHSA-2023:6125

Comment 349 errata-xmlrpc 2023-11-01 11:07:25 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6126 https://access.redhat.com/errata/RHSA-2023:6126

Comment 350 errata-xmlrpc 2023-11-01 11:34:38 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6233 https://access.redhat.com/errata/RHSA-2023:6233

Comment 351 errata-xmlrpc 2023-11-01 12:04:38 UTC

This issue has been addressed in the following products:

  RHEL-9-CNV-4.13

Via RHSA-2023:6235 https://access.redhat.com/errata/RHSA-2023:6235

Comment 352 errata-xmlrpc 2023-11-01 13:41:57 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6240 https://access.redhat.com/errata/RHSA-2023:6240

Comment 353 errata-xmlrpc 2023-11-01 14:04:15 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.10

Via RHSA-2023:6243 https://access.redhat.com/errata/RHSA-2023:6243

Comment 354 errata-xmlrpc 2023-11-01 14:42:26 UTC

This issue has been addressed in the following products:

  RHEL-8-CNV-4.12

Via RHSA-2023:6248 https://access.redhat.com/errata/RHSA-2023:6248

Comment 358 errata-xmlrpc 2023-11-01 16:14:44 UTC

This issue has been addressed in the following products:

  RHEL-8-CNV-4.11

Via RHSA-2023:6251 https://access.redhat.com/errata/RHSA-2023:6251

Comment 359 errata-xmlrpc 2023-11-02 10:25:09 UTC

This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2023:6280 https://access.redhat.com/errata/RHSA-2023:6280

Comment 360 errata-xmlrpc 2023-11-02 19:16:08 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Serverless 1.30

Via RHSA-2023:6296 https://access.redhat.com/errata/RHSA-2023:6296

Comment 361 errata-xmlrpc 2023-11-03 08:45:44 UTC

This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2023:6298 https://access.redhat.com/errata/RHSA-2023:6298

Comment 362 errata-xmlrpc 2023-11-06 11:24:58 UTC

This issue has been addressed in the following products:

  MTA-6.1-RHEL-8

Via RHSA-2023:6305 https://access.redhat.com/errata/RHSA-2023:6305

Comment 363 errata-xmlrpc 2023-11-08 00:57:29 UTC

This issue has been addressed in the following products:

  OpenShift-Pipelines-1.11-RHEL-8

Via RHSA-2023:6779 https://access.redhat.com/errata/RHSA-2023:6779

Comment 364 errata-xmlrpc 2023-11-08 01:07:57 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.8

Via RHSA-2023:6782 https://access.redhat.com/errata/RHSA-2023:6782

Comment 365 errata-xmlrpc 2023-11-08 01:08:11 UTC

This issue has been addressed in the following products:

  OpenShift-Pipelines-1.11-RHEL-8

Via RHSA-2023:6781 https://access.redhat.com/errata/RHSA-2023:6781

Comment 366 errata-xmlrpc 2023-11-08 01:18:31 UTC

This issue has been addressed in the following products:

  Node Healthcheck Operator 0.4 for RHEL 8

Via RHSA-2023:6783 https://access.redhat.com/errata/RHSA-2023:6783

Comment 367 errata-xmlrpc 2023-11-08 01:27:36 UTC

This issue has been addressed in the following products:

  Node Healthcheck Operator 0.6 for RHEL 8

Via RHSA-2023:6784 https://access.redhat.com/errata/RHSA-2023:6784

Comment 368 errata-xmlrpc 2023-11-08 01:37:33 UTC

This issue has been addressed in the following products:

  Machine Deletion Remediation 0.2 for RHEL 8

Via RHSA-2023:6785 https://access.redhat.com/errata/RHSA-2023:6785

Comment 369 errata-xmlrpc 2023-11-08 01:46:26 UTC

This issue has been addressed in the following products:

  Fence Agents Remediation 0.2 for RHEL 8

Via RHSA-2023:6786 https://access.redhat.com/errata/RHSA-2023:6786

Comment 370 errata-xmlrpc 2023-11-08 01:54:51 UTC

This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.4.0-RHEL-9

Via RHSA-2023:6787 https://access.redhat.com/errata/RHSA-2023:6787

Comment 371 errata-xmlrpc 2023-11-08 02:05:08 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.8

Via RHSA-2023:6788 https://access.redhat.com/errata/RHSA-2023:6788

Comment 372 errata-xmlrpc 2023-11-08 08:40:12 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6256 https://access.redhat.com/errata/RHSA-2023:6256

Comment 373 errata-xmlrpc 2023-11-08 08:43:23 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6257 https://access.redhat.com/errata/RHSA-2023:6257

Comment 374 errata-xmlrpc 2023-11-08 09:43:49 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:6271 https://access.redhat.com/errata/RHSA-2023:6271

Comment 375 errata-xmlrpc 2023-11-08 10:25:31 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6275 https://access.redhat.com/errata/RHSA-2023:6275

Comment 376 errata-xmlrpc 2023-11-08 10:40:51 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6276 https://access.redhat.com/errata/RHSA-2023:6276

Comment 377 errata-xmlrpc 2023-11-08 10:41:30 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:6272 https://access.redhat.com/errata/RHSA-2023:6272

Comment 378 errata-xmlrpc 2023-11-08 14:03:39 UTC

This issue has been addressed in the following products:

  RHEL-9-CNV-4.14

Via RHSA-2023:6817 https://access.redhat.com/errata/RHSA-2023:6817

Comment 379 errata-xmlrpc 2023-11-08 14:17:32 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818

Comment 380 errata-xmlrpc 2023-11-08 18:35:02 UTC

This issue has been addressed in the following products:

  RHACS-4.1-RHEL-8

Via RHSA-2023:6828 https://access.redhat.com/errata/RHSA-2023:6828

Comment 381 errata-xmlrpc 2023-11-08 18:49:48 UTC

This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2023:6832 https://access.redhat.com/errata/RHSA-2023:6832

Comment 382 errata-xmlrpc 2023-11-15 00:16:37 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.2 for RHEL 8

Via RHSA-2023:7215 https://access.redhat.com/errata/RHSA-2023:7215

Comment 383 errata-xmlrpc 2023-11-15 00:43:11 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6845 https://access.redhat.com/errata/RHSA-2023:6845

Comment 384 errata-xmlrpc 2023-11-15 00:47:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:6836 https://access.redhat.com/errata/RHSA-2023:6836

Comment 385 errata-xmlrpc 2023-11-15 01:08:33 UTC

This issue has been addressed in the following products:

  CERT-MANAGER-1.11-RHEL-9

Via RHSA-2023:6279 https://access.redhat.com/errata/RHSA-2023:6279

Comment 386 errata-xmlrpc 2023-11-15 01:45:59 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6846 https://access.redhat.com/errata/RHSA-2023:6846

Comment 387 errata-xmlrpc 2023-11-15 03:12:58 UTC

This issue has been addressed in the following products:

  CERT-MANAGER-1.12-RHEL-9

Via RHSA-2023:6269 https://access.redhat.com/errata/RHSA-2023:6269

Comment 388 errata-xmlrpc 2023-11-15 04:22:35 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:6837 https://access.redhat.com/errata/RHSA-2023:6837

Comment 389 errata-xmlrpc 2023-11-15 04:38:18 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:6840 https://access.redhat.com/errata/RHSA-2023:6840

Comment 390 errata-xmlrpc 2023-11-15 18:10:41 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:6839 https://access.redhat.com/errata/RHSA-2023:6839

Comment 391 errata-xmlrpc 2023-11-15 19:24:19 UTC

This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.14

Via RHSA-2023:7288 https://access.redhat.com/errata/RHSA-2023:7288

Comment 392 errata-xmlrpc 2023-11-16 20:14:49 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6841 https://access.redhat.com/errata/RHSA-2023:6841

Comment 393 errata-xmlrpc 2023-11-16 20:31:57 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6842 https://access.redhat.com/errata/RHSA-2023:6842

Comment 394 errata-xmlrpc 2023-11-16 20:48:38 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:7342 https://access.redhat.com/errata/RHSA-2023:7342

Comment 395 errata-xmlrpc 2023-11-20 07:50:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.9

Via RHSA-2023:7344 https://access.redhat.com/errata/RHSA-2023:7344

Comment 396 errata-xmlrpc 2023-11-20 08:34:28 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.9

Via RHSA-2023:7345 https://access.redhat.com/errata/RHSA-2023:7345

Comment 398 errata-xmlrpc 2023-11-21 11:26:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7315 https://access.redhat.com/errata/RHSA-2023:7315

Comment 399 errata-xmlrpc 2023-11-21 11:28:24 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7323 https://access.redhat.com/errata/RHSA-2023:7323

Comment 400 errata-xmlrpc 2023-11-21 11:29:00 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7322 https://access.redhat.com/errata/RHSA-2023:7322

Comment 401 errata-xmlrpc 2023-11-21 11:58:54 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13
  Ironic content for Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7325 https://access.redhat.com/errata/RHSA-2023:7325

Comment 402 errata-xmlrpc 2023-11-21 12:20:45 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6893 https://access.redhat.com/errata/RHSA-2023:6893

Comment 403 errata-xmlrpc 2023-11-21 12:36:32 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6894 https://access.redhat.com/errata/RHSA-2023:6894

Comment 405 errata-xmlrpc 2023-11-27 16:08:39 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7515 https://access.redhat.com/errata/RHSA-2023:7515

Comment 406 errata-xmlrpc 2023-11-28 13:13:58 UTC

This issue has been addressed in the following products:

  RHEL-9-CNV-4.13
  RHEL-7-CNV-4.13
  RHEL-8-CNV-4.13

Via RHSA-2023:7521 https://access.redhat.com/errata/RHSA-2023:7521

Comment 407 errata-xmlrpc 2023-11-28 13:45:19 UTC

This issue has been addressed in the following products:

  RHEL-9-CNV-4.13

Via RHSA-2023:7522 https://access.redhat.com/errata/RHSA-2023:7522

Comment 408 errata-xmlrpc 2023-11-28 18:51:16 UTC

This issue has been addressed in the following products:

  OADP-1.3-RHEL-9

Via RHSA-2023:7555 https://access.redhat.com/errata/RHSA-2023:7555

Comment 409 errata-xmlrpc 2023-11-29 00:34:15 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7474 https://access.redhat.com/errata/RHSA-2023:7474

Comment 410 errata-xmlrpc 2023-11-29 00:45:15 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:7478 https://access.redhat.com/errata/RHSA-2023:7478

Comment 411 errata-xmlrpc 2023-11-29 01:41:23 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:7479 https://access.redhat.com/errata/RHSA-2023:7479

Comment 412 errata-xmlrpc 2023-11-29 01:47:49 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7475 https://access.redhat.com/errata/RHSA-2023:7475

Comment 413 errata-xmlrpc 2023-11-29 10:28:07 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7469 https://access.redhat.com/errata/RHSA-2023:7469

Comment 414 errata-xmlrpc 2023-11-29 11:37:40 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7470 https://access.redhat.com/errata/RHSA-2023:7470

Comment 415 errata-xmlrpc 2023-12-05 09:57:16 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7599 https://access.redhat.com/errata/RHSA-2023:7599

Comment 419 errata-xmlrpc 2023-12-06 00:16:15 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7602 https://access.redhat.com/errata/RHSA-2023:7602

Comment 420 errata-xmlrpc 2023-12-06 00:20:59 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:7662 https://access.redhat.com/errata/RHSA-2023:7662

Comment 421 errata-xmlrpc 2023-12-06 00:34:40 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7604 https://access.redhat.com/errata/RHSA-2023:7604

Comment 422 errata-xmlrpc 2023-12-06 16:54:58 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:7607 https://access.redhat.com/errata/RHSA-2023:7607

Comment 423 errata-xmlrpc 2023-12-06 17:55:56 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:7608 https://access.redhat.com/errata/RHSA-2023:7608

Comment 424 errata-xmlrpc 2023-12-06 18:13:23 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12
  Ironic content for Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:7610 https://access.redhat.com/errata/RHSA-2023:7610

Comment 425 errata-xmlrpc 2023-12-07 14:23:33 UTC

This issue has been addressed in the following products:

  OpenShift-Pipelines-1.10-RHEL-8

Via RHSA-2023:7699 https://access.redhat.com/errata/RHSA-2023:7699

Comment 426 errata-xmlrpc 2023-12-07 14:57:20 UTC

This issue has been addressed in the following products:

  OpenShift-Pipelines-1.10-RHEL-8

Via RHSA-2023:7703 https://access.redhat.com/errata/RHSA-2023:7703

Comment 427 errata-xmlrpc 2023-12-07 15:00:51 UTC

This issue has been addressed in the following products:

  RHEL-9-CNV-4.14

Via RHSA-2023:7704 https://access.redhat.com/errata/RHSA-2023:7704

Comment 429 errata-xmlrpc 2023-12-11 00:22:00 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:7710 https://access.redhat.com/errata/RHSA-2023:7710

Comment 430 errata-xmlrpc 2023-12-12 09:48:55 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7682 https://access.redhat.com/errata/RHSA-2023:7682

Comment 431 errata-xmlrpc 2023-12-12 13:56:20 UTC

This issue has been addressed in the following products:

  Red Hat Ceph Storage 6.1

Via RHSA-2023:7741 https://access.redhat.com/errata/RHSA-2023:7741

Comment 432 errata-xmlrpc 2023-12-13 00:13:33 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7687 https://access.redhat.com/errata/RHSA-2023:7687

Comment 433 errata-xmlrpc 2023-12-13 21:03:46 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:7690 https://access.redhat.com/errata/RHSA-2023:7690

Comment 434 errata-xmlrpc 2023-12-13 21:45:34 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:7691 https://access.redhat.com/errata/RHSA-2023:7691

Comment 436 errata-xmlrpc 2024-01-03 20:04:38 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7831 https://access.redhat.com/errata/RHSA-2023:7831

Comment 437 errata-xmlrpc 2024-01-04 14:22:13 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:7827 https://access.redhat.com/errata/RHSA-2023:7827

Comment 438 errata-xmlrpc 2024-01-04 14:41:41 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:7823 https://access.redhat.com/errata/RHSA-2023:7823

Comment 439 errata-xmlrpc 2024-01-09 16:55:41 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:0050 https://access.redhat.com/errata/RHSA-2024:0050

Comment 440 errata-xmlrpc 2024-01-10 00:23:51 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2024:0059 https://access.redhat.com/errata/RHSA-2024:0059

Comment 442 errata-xmlrpc 2024-01-17 08:29:59 UTC

This issue has been addressed in the following products:

  RHEL-8-CNV-4.12

Via RHSA-2024:0273 https://access.redhat.com/errata/RHSA-2024:0273

Comment 443 errata-xmlrpc 2024-01-17 09:48:11 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:0193 https://access.redhat.com/errata/RHSA-2024:0193

Comment 444 errata-xmlrpc 2024-01-17 18:21:22 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:0198 https://access.redhat.com/errata/RHSA-2024:0198

Comment 445 errata-xmlrpc 2024-01-23 20:26:14 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:0290 https://access.redhat.com/errata/RHSA-2024:0290

Comment 446 errata-xmlrpc 2024-01-24 20:54:53 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2024:0306 https://access.redhat.com/errata/RHSA-2024:0306

Comment 448 errata-xmlrpc 2024-01-31 16:19:02 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:0485 https://access.redhat.com/errata/RHSA-2024:0485

Comment 449 errata-xmlrpc 2024-02-01 19:05:53 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:0484 https://access.redhat.com/errata/RHSA-2024:0484

Comment 450 errata-xmlrpc 2024-02-07 15:07:44 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:0660 https://access.redhat.com/errata/RHSA-2024:0660

Comment 451 errata-xmlrpc 2024-02-07 17:36:39 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:0642 https://access.redhat.com/errata/RHSA-2024:0642

Comment 452 errata-xmlrpc 2024-02-08 18:42:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2024:0682 https://access.redhat.com/errata/RHSA-2024:0682

Comment 453 errata-xmlrpc 2024-02-08 19:31:23 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:0664 https://access.redhat.com/errata/RHSA-2024:0664

Comment 454 errata-xmlrpc 2024-02-12 10:25:43 UTC

This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.14

Via RHSA-2024:0777 https://access.redhat.com/errata/RHSA-2024:0777

Comment 455 errata-xmlrpc 2024-02-14 06:34:38 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:0741 https://access.redhat.com/errata/RHSA-2024:0741

Comment 456 errata-xmlrpc 2024-02-20 15:27:13 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:0837 https://access.redhat.com/errata/RHSA-2024:0837

Comment 457 errata-xmlrpc 2024-02-21 01:44:22 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:0833 https://access.redhat.com/errata/RHSA-2024:0833

Comment 460 errata-xmlrpc 2024-02-27 15:16:45 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:0954 https://access.redhat.com/errata/RHSA-2024:0954

Comment 471 errata-xmlrpc 2024-02-27 19:47:41 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2023:7197 https://access.redhat.com/errata/RHSA-2023:7197

Comment 472 errata-xmlrpc 2024-02-27 20:49:40 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2023:7198 https://access.redhat.com/errata/RHSA-2023:7198

Comment 473 errata-xmlrpc 2024-02-27 22:28:22 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2023:7201 https://access.redhat.com/errata/RHSA-2023:7201

Comment 474 errata-xmlrpc 2024-02-27 22:46:41 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2023:7200 https://access.redhat.com/errata/RHSA-2023:7200

Comment 475 errata-xmlrpc 2024-02-28 00:20:28 UTC

This issue has been addressed in the following products:

  RODOO-1.1-RHEL-9

Via RHSA-2024:0269 https://access.redhat.com/errata/RHSA-2024:0269

Comment 476 errata-xmlrpc 2024-02-28 00:21:36 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:0941 https://access.redhat.com/errata/RHSA-2024:0941

Comment 477 errata-xmlrpc 2024-02-28 08:11:12 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:0766 https://access.redhat.com/errata/RHSA-2024:0766

Comment 479 errata-xmlrpc 2024-02-28 14:04:01 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:0946 https://access.redhat.com/errata/RHSA-2024:0946

Comment 480 errata-xmlrpc 2024-03-06 00:38:25 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:1052 https://access.redhat.com/errata/RHSA-2024:1052

Comment 481 errata-xmlrpc 2024-03-06 13:33:30 UTC

This issue has been addressed in the following products:

  KDO-5.0-RHEL-9

Via RHSA-2024:0302 https://access.redhat.com/errata/RHSA-2024:0302

Comment 482 errata-xmlrpc 2024-03-06 14:46:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:1037 https://access.redhat.com/errata/RHSA-2024:1037

Comment 485 errata-xmlrpc 2024-03-27 00:25:49 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:1458 https://access.redhat.com/errata/RHSA-2024:1458

Comment 486 errata-xmlrpc 2024-03-27 00:32:22 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:1454 https://access.redhat.com/errata/RHSA-2024:1454

Comment 487 errata-xmlrpc 2024-03-27 11:18:44 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:1449 https://access.redhat.com/errata/RHSA-2024:1449

Comment 488 errata-xmlrpc 2024-03-27 19:51:27 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2024:1464 https://access.redhat.com/errata/RHSA-2024:1464

Comment 489 errata-xmlrpc 2024-04-03 06:57:53 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:1572 https://access.redhat.com/errata/RHSA-2024:1572

Comment 490 errata-xmlrpc 2024-04-16 14:53:03 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:1770 https://access.redhat.com/errata/RHSA-2024:1770

Comment 491 errata-xmlrpc 2024-04-18 11:59:08 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:1765 https://access.redhat.com/errata/RHSA-2024:1765

Note You need to log in before you can comment on or make changes to this bug.

aazores
abishop
ahanwate
alitke
aveerama
bdettelb
bodavis
davidn
dbenoit
dcadzow
dholler
dkenigsb
dperaza
dwd
eaguilar
ebaron
eglynn
emachado
epacific
fdeutsch
fromani
gparvin
hhorak
jcammara
jchaloup
jchui
jhardy
jjoyce
jkang
jneedle
jobarker
joelsmith
jorton
jpallich
jschluet
jshaughn
jwendell
lhh
mabashia
mburns
mgarciac
mnewsome
muagarwa
mwringe
nbecker
nboldt
njean
nobody
opohorel
oramraz
osapryki
owatkins
pahickey
pdelbell
pgrist
phoracek
rcernich
rgarg
rhos-maint
saroy
sfroberg
sgott
shbose
simaishi
sipoyare
smcdonal
smullick
sreber
stcannon
stirabos
teagle
tkasparek
tkral
tnielsen
trathi
twalsh
ubhargav
vsroka
yguenane
zsadeh