=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Dev Spaces Security Update
Advisory ID:       RHSA-2023:4286-01
Product:           Red Hat OpenShift Dev Spaces
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4286
Issue date:        2023-07-26
CVE Names:         CVE-2020-24736 CVE-2022-36227 CVE-2022-48281
                   CVE-2023-1667 CVE-2023-2283 CVE-2023-3089
                   CVE-2023-22006 CVE-2023-22036 CVE-2023-22041
                   CVE-2023-22045 CVE-2023-22049 CVE-2023-25193
                   CVE-2023-26604 CVE-2023-27535 CVE-2023-28466
=====================================================================

1. Summary:

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server
and a browser-based IDE built for teams and organizations. Dev Spaces runs
in OpenShift and is well-suited for container-based development.

The 3.7.1 release is based on Eclipse Che 7.67.

Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users
are expected to update to newer OpenShift releases in order to continue to
get Dev Spaces updates.

https://access.redhat.com/support/policy/updates/openshift#crw

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server
and a browser-based IDE built for teams and organizations. Dev Spaces runs
in OpenShift and is well-suited for container-based development.

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-48281
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-22006
https://access.redhat.com/security/cve/CVE-2023-22036
https://access.redhat.com/security/cve/CVE-2023-22041
https://access.redhat.com/security/cve/CVE-2023-22045
https://access.redhat.com/security/cve/CVE-2023-22049
https://access.redhat.com/security/cve/CVE-2023-25193
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-28466
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.