For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.12.5 RPMs.
Security Fix(es):
* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/updates/classification/#important
CNV 4.12 for RHEL 7:
Source:
kubevirt-4.12.5-1189.el7.src.rpm
x86_64:
kubevirt-virtctl-4.12.5-1189.el7.x86_64.rpm
kubevirt-virtctl-redistributable-4.12.5-1189.el7.x86_64.rpm
CNV 4.12 for RHEL 8:
Source:
kubevirt-4.12.5-1189.el8.src.rpm
x86_64:
kubevirt-virtctl-4.12.5-1189.el8.x86_64.rpm
kubevirt-virtctl-redistributable-4.12.5-1189.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Red Hat OpenShift Virtualization release 4.12.5 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
CNV 4.12 for RHEL 7 - x86_64
CNV 4.12 for RHEL 8 - x86_64
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2227593 - Tracker for 4.12.5 RPM
Get the latest Linux and open source security news straight to your inbox.