Threats Tagged 'cve-2024-28180'

Red Hat OpenShift Container Platform 4. 12. 54 includes security updates addressing three vulnerabilities: a memory leak in golang-fips/openssl during RSA payload encryption/decryption (CVE-2024-1394), an infinite loop in golang-protobuf's protojson. Unmarshal when processing certain invalid JSON (CVE-2024-24786), and improper handling of highly compressed data in jose-go (CVE-2024-28180). These issues have been rated with an important security impact by Red Hat Product Security. Users of OpenShift Container Platform 4. 12 are advised to upgrade to the updated packages and container images once available through official release channels. Detailed upgrade instructions are provided by Red Hat. No known exploits in the wild have been reported at this time.

Red Hat OpenShift Container Platform 4. 15. 6 includes security updates addressing three vulnerabilities: a memory leak in RSA payload encryption/decryption (CVE-2024-1394), an infinite loop during JSON unmarshaling of invalid data (CVE-2024-24786), and improper handling of highly compressed data (CVE-2024-28180). These issues affect components such as golang-fips/openssl, golang-protobuf, and jose-go. Red Hat has released updated RPM packages and container images to fix these vulnerabilities. Users of OpenShift Container Platform 4. 15 are advised to upgrade to these updated packages and images via the appropriate release channels using the OpenShift CLI or web console. Detailed upgrade instructions are available in Red Hat's documentation. The update is rated as having an Important security impact by Red Hat Product Security. No known exploits in the wild have been reported at this time.