Red Hat Openshift Data Foundation
Recent Red Hat Openshift Data Foundation Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2024:1383 | (RHSA-2024:1383) Important: Red Hat OpenShift Data Foundation 4.15.0 security, enhancement, & bug fix update | March 19, 2024 |
| RHSA-2023:7820 | (RHSA-2023:7820) Moderate: Red Hat OpenShift Data Foundation 4.12.10 Bug Fix Update | December 14, 2023 |
| RHSA-2023:6832 | (RHSA-2023:6832) Important: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update | November 8, 2023 |
| RHSA-2023:5376 | (RHSA-2023:5376) Important: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update | September 27, 2023 |
| RHSA-2023:4437 | (RHSA-2023:4437) Moderate: Red Hat OpenShift Data Foundation 4.13.1 security and bug fix update | August 2, 2023 |
| RHSA-2023:4287 | (RHSA-2023:4287) Moderate: Red Hat OpenShift Data Foundation 4.12.5 security and bug fix update | July 26, 2023 |
| RHSA-2023:4241 | (RHSA-2023:4241) Moderate: Red Hat OpenShift Data Foundation 4.10.14 security and bug fix update | July 20, 2023 |
| RHSA-2023:4238 | (RHSA-2023:4238) Moderate: Red Hat OpenShift Data Foundation 4.11.9 security and bug fix update | July 20, 2023 |
| RHSA-2023:3742 | (RHSA-2023:3742) Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update | June 22, 2023 |
| RHSA-2023:3609 | (RHSA-2023:3609) Moderate: Red Hat OpenShift Data Foundation 4.12.4 security and Bug Fix update | June 14, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Openshift Data Foundation . Last year Openshift Data Foundation had 1 security vulnerability published. Right now, Openshift Data Foundation is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.90 |
| 2022 | 1 | 6.50 |
| 2021 | 1 | 9.10 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Openshift Data Foundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openshift Data Foundation Security Vulnerabilities
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such
CVE-2023-48795
5.9 - Medium
- December 18, 2023
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Improper Validation of Integrity Check Value
A key length flaw was found in Red Hat Ceph Storage
CVE-2021-3979
6.5 - Medium
- August 25, 2022
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
authentification
An out-of-bounds read flaw was found in the CLARRV
CVE-2021-4048
9.1 - Critical
- December 08, 2021
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Red Hat? Click the Watch button to subscribe.
