RHSA-2023:3664: Moderate: OpenShift Jenkins image and Jenkins agent base image security update
Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.Security Fix(es): golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:3664?
RHSA-2023:3664 is classified as a moderate severity vulnerability on affected systems.
How do I fix RHSA-2023:3664?
The recommended fix for RHSA-2023:3664 is to update the OpenShift Jenkins image and Jenkins agent base image to the latest version provided by the security advisory.
What is the CVE associated with RHSA-2023:3664?
RHSA-2023:3664 addresses CVE-2022-41717, which involves excessive memory growth in a Go server handling HTTP/2 requests.
Who is affected by RHSA-2023:3664?
Users of affected OpenShift Jenkins images and Jenkins agent base images are at risk due to RHSA-2023:3664.
What should I monitor for related to RHSA-2023:3664?
Monitor your systems for unusual memory consumption patterns or performance degradation that may indicate exploitation of CVE-2022-41717.