QID 239537

Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.4. See the following advisory for the container images for this release:https://access.redhat.com/errata/RHSA-2021:2983

Security Fix(es): golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) golang: net: lookup functions may return invalid host names (CVE-2021-33195) golang: archive/zip: Malformed archive may cause panic or memory exhaustion (CVE-2021-33196) golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

Affected Products:

Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.8 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

On successful exploitation, it could allow an attacker to execute code.