Threats Tagged 'cve-2024-45339'

Red Hat OpenShift Container Platform 4. 19. 9 includes security updates addressing two vulnerabilities: a denial of service in the golang. org/x/crypto/ssh package (CVE-2025-22869) and a vulnerability related to log file creation in github. com/golang/glog (CVE-2024-45339). These issues affect the container images and packages used in OpenShift 4. 19 deployments. Red Hat rates the security impact as Important and advises all users to upgrade to the updated packages and images via the appropriate release channels. Detailed upgrade instructions are available from Red Hat's official documentation. No known exploits in the wild have been reported at this time.

Red Hat OpenShift Container Platform 4. 17. 38 includes security updates addressing two vulnerabilities: a denial of service in the golang. org/x/crypto/ssh package (CVE-2025-22869) and a vulnerability related to log file creation in github. com/golang/glog (CVE-2024-45339). These issues affect the container images and associated packages of OpenShift 4. 17. Users are advised to upgrade to the updated packages and images via the appropriate release channels using the OpenShift CLI or web console. The vendor rates the security impact as Important and provides official updates to remediate these vulnerabilities.

Red Hat OpenShift Container Platform 4. 18. 23 includes security updates addressing two vulnerabilities: CVE-2024-45339, a high-severity issue in github. com/golang/glog related to log file creation, and CVE-2025-22869, a denial of service vulnerability in the key exchange mechanism of golang. org/x/crypto/ssh. These vulnerabilities affect container images and packages used in OpenShift Container Platform 4. 18. Users are advised to upgrade to the updated packages and images available through the appropriate release channels using the OpenShift CLI or web console. The vendor rates the security impact as Important and provides detailed upgrade instructions. No known exploits in the wild have been reported at this time.

Red Hat OpenShift Container Platform 4. 14. 56 includes security updates addressing vulnerabilities in third-party components. Notably, CVE-2024-45339 affects github. com/golang/glog and involves a vulnerability when creating log files. Another vulnerability, CVE-2025-30204, involves excessive memory allocation during header parsing in golang-jwt/jwt. These issues are rated as having an important security impact by Red Hat. Users of OpenShift Container Platform 4. 14 are advised to upgrade to the updated container images and packages available through official release channels. The advisory does not indicate any known exploits in the wild.

Red Hat OpenShift Container Platform 4. 16. 47 includes security updates addressing two vulnerabilities: CVE-2024-45339, a vulnerability related to log file creation in the golang/glog package, and CVE-2025-22869, a denial of service issue in the key exchange mechanism of golang. org/x/crypto/ssh. These issues affect container images and packages used in OpenShift Container Platform 4. 16. Users are advised to upgrade to the updated packages and images available through the official release channels to mitigate these vulnerabilities.

Red Hat OpenShift Container Platform 4. 12. 80 includes important security updates addressing three vulnerabilities: CVE-2024-45338 in golang. org/x/net/html related to non-linear parsing of case-insensitive content, CVE-2025-30204 in golang-jwt/jwt involving excessive memory allocation during header parsing, and CVE-2024-45339 in github. com/golang/glog affecting log file creation. These issues have been rated with a security impact of Important by Red Hat Product Security. Users of OpenShift Container Platform 4. 12 are advised to upgrade to the updated packages and container images when available via official release channels. Detailed upgrade instructions are provided by Red Hat. No known exploits in the wild have been reported at this time.

Red Hat OpenShift Container Platform 4. 13. 60 includes important security updates addressing multiple vulnerabilities in third-party Go libraries used within the platform. These vulnerabilities involve issues such as non-linear parsing of case-insensitive content, excessive memory allocation during JWT header parsing, unexpected memory consumption during token parsing, and a vulnerability related to log file creation. Red Hat has released updated container images to fix these issues and advises all users of OpenShift Container Platform 4. 13 to upgrade accordingly. There are no RPM packages for this release, and the update is delivered via updated container images. Instructions for upgrading are available through Red Hat's official documentation and tools.

Red Hat OpenShift Container Platform 4. 15. 58 includes important security updates addressing three vulnerabilities: an authorization bypass due to misuse of ServerConfig. PublicKeyCallback in golang. org/x/crypto/ssh (CVE-2024-45337), a denial of service in the key exchange of golang. org/x/crypto/ssh (CVE-2025-22869), and a vulnerability in github. com/golang/glog related to log file creation (CVE-2024-45339). These issues affect the OpenShift Container Platform used for on-premise or private cloud Kubernetes deployments. Red Hat has released updated container images and RPM packages to fix these vulnerabilities. Users of OpenShift Container Platform 4.

Red Hat OpenShift Container Platform 4. 12. 81 includes security updates addressing three vulnerabilities related to golang libraries used within the platform. These vulnerabilities involve improper handling of log file creation and excessive memory allocation during token and header parsing. The update is rated by Red Hat Product Security as having a low security impact overall. Users of OpenShift Container Platform 4. 12 are advised to upgrade to the updated packages and container images when available through official release channels.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.20.0. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHEA-2025:4782 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ Security Fix(es): * openshift-api: openshift-controller-manager/build: Build Process in OpenShift Allows Overwriting of Node Pull Credentials (CVE-2024-45497) * helm.sh/helm/v3: Helm Chart Code Execution (CVE-2025-53547) * golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869) * github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog (CVE-2024-45339) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.