Uploaded image for project: 'OpenShift Workloads'
  1. OpenShift Workloads
  2. WRKLDS-887

[tracker] [Major Incident] CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) [openshift-4.14]

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Critical
    • None
    • None

    Description

      Bug reports:

      1. oc: https://issues.redhat.com/browse/OCPBUGS-21611
      2. cluster-kube-controller-manager-operator: https://issues.redhat.com/browse/OCPBUGS-21088
      3. cluster-policy-controller: https://issues.redhat.com/browse/OCPBUGS-21122
      4. route-controller-manager: https://issues.redhat.com/browse/OCPBUGS-21576
      5. cluster-openshift-controller-manager-operator: https://issues.redhat.com/browse/OCPBUGS-20818
      6. run-once-duration-override: https://issues.redhat.com/browse/OCPBUGS-20387
      7. run-once-duration-override-operator: https://issues.redhat.com/browse/OCPBUGS-21274
      8. descheduler: https://issues.redhat.com/browse/OCPBUGS-20631 (missing PR)
      9. cluster-kube-scheduler-operator: https://issues.redhat.com/browse/OCPBUGS-21737 (new PR required to sync k8s/library-go)
      10. cluster-kube-descheduler-operator: https://issues.redhat.com/browse/OCPBUGS-21732 (new PR required to sync k8s/library-go)
      11. cluster-capacity: https://issues.redhat.com/browse/OCPBUGS-20821
      12. secondary-scheduler-operator: https://issues.redhat.com/browse/OCPBUGS-21666

      Attachments

        Issue Links

          clones

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. WRKLDS-885 [tracker] [Major Incident] CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) [openshift-4.15]

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is cloned by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. WRKLDS-889 [tracker] [Major Incident] CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) [openshift-4.13]

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              Unassigned Unassigned
              jchaloup@redhat.com Jan Chaloupka
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: