Red Hat Security Advisory 2023-4286-01

Red Hat Security Advisory 2023-4286-01: Posted Jul 27, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-24736, CVE-2022-36227, CVE-2022-48281, CVE-2023-1667, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-2283, CVE-2023-25193, CVE-2023-26604, CVE-2023-27535, CVE-2023-28466; SHA-256 | d5d35601175060e7441b9a1481c61970c832969895ba21bcfab1b55787d9e0f1; Download | Favorite | View

Red Hat Security Advisory 2023-4286-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Dev Spaces Security Update
Advisory ID:       RHSA-2023:4286-01
Product:           Red Hat OpenShift Dev Spaces
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4286
Issue date:        2023-07-26
CVE Names:         CVE-2020-24736 CVE-2022-36227 CVE-2022-48281 
                   CVE-2023-1667 CVE-2023-2283 CVE-2023-3089 
                   CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 
                   CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 
                   CVE-2023-26604 CVE-2023-27535 CVE-2023-28466 
=====================================================================

1. Summary:

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server
and a
browser-based IDE built for teams and organizations. Dev Spaces runs in
OpenShift and is well-suited for container-based development.

The 3.7.1 release is based on Eclipse Che 7.67.

Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users
are
expected to update to newer OpenShift releases in order to continue to get
Dev
Spaces updates.

https://access.redhat.com/support/policy/updates/openshift#crw

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server
and a
browser-based IDE built for teams and organizations. Dev Spaces runs in
OpenShift and is well-suited for container-based development.

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-48281
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-22006
https://access.redhat.com/security/cve/CVE-2023-22036
https://access.redhat.com/security/cve/CVE-2023-22041
https://access.redhat.com/security/cve/CVE-2023-22045
https://access.redhat.com/security/cve/CVE-2023-22049
https://access.redhat.com/security/cve/CVE-2023-25193
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-28466
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJkwX/zAAoJENzjgjWX9erEowoQAKgWS3yoCixB3uNj2paYAwyZ
atEs+n+P5DEROfnA9Qf5K/ObcmWXyjIpFjQULhOJxFXLXSw+9D/sGZ3jfSszqK6q
WoZ6XIdiPtOnDmEy/8+co1h2szglwgEu2hN6OxN5SeASU4qoe4xRWm+cCyV/p1ig
prOlLAJOqwOEJj81kFB+uxLQrhDo7O3srpZNX8sM70V5QNIsAnLrts98GXkzpIJl
OyOkRUZUfsfy5YfgYRZ9LBR6VP5RRN5qlrX5rjBTTB+m74PRxRPKx5bYXMOBJuds
xj3c8PipoXgWicMc5VL28QFMp9JyODMN8aHrfxG+b3f+9nM3XH2t3lOP0ktneQ0T
8a/c4pSnBftUjbTM0DNZquWzXm2L2ECinRVHc8BiVkjw3vn4w1uxqiCBboqhxMq9
t4S5xc61KbrvbXByHtPgaKI2L0rvQFdMGLJ+rnNql5JIYXQBWRps81DqzKnm41/2
TsTWHa1lrc13KrFF8WPtBpQuxYW/mivwSesQ9OVOADf/yPFinrCpJtqbSorSpZU/
Y/0MKub11Et+q4faVFNFi0CiwAz3lEFh+EFy2OW5qaP1RINJJv8F9ryosRT6SiI6
Zf424hNDjn1TbY1yDlPTGkMFuXeRDc+mlLq88x2w7y8eXKvg3gqAMsGKRYTH3W39
ePHoEIcuy/WowrggChHH
=tFhm
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 66 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
gabe_k 3 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Red Hat Security Advisory 2023-4286-01

Red Hat Security Advisory 2023-4286-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-4286-01

Share This

Red Hat Security Advisory 2023-4286-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems