SB2023020869 - Multiple vulnerabilities in OpenShift Container Platform 4.12

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2021-4235)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

2) Insufficient Entropy (CVE-ID: CVE-2021-4238)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient entropy when generating alphanumeric strings within RandomAlphaNumeric and CryptoRandomAlphaNumeric functions, which always return strings containing at least one digit from 0 to 9. A remote attacker can launch brute-force attacks and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2023:0569
• https://access.redhat.com/errata/RHSA-2023:0570