The following key information about the vulnerabilities can be obtained from this web page screenshot:

1. Vulnerability ID: RHSA-2024:6724
2. Release date: 2024-09-18
3. Type/Severity: Security Advisory, Important
4. Affected products:
   - Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64
   - Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le
   - Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x
   - Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64
5. Fixed vulnerabilities:
   - BZ-2266006: [RDR] [Hub recovery][4.16 clone] [Neutral] Fixed a mount failure on the cluster management node.
   - BZ-2268820: CVE-2024-28176: Fixed the jose: resource exhaustion issue.
   - BZ-2270863: CVE-2024-29180: Fixed the webpack-dev-middleware: lack of URL validation may lead to file leak issue.
   - BZ-2290526: [Tracker ACM-12001] [RDR] VolSync - rsync-tls fails to sync when there are too many files in the root of the source PVC issue.
   - BZ-2290675: [RDR] Fixed the issue where the Disaster Recovery web console page (All Clusters -> Data Services -> Disaster Recovery) is not opening and throws an error most of the time.
   - BZ-2292668: CVE-2024-24789: golang: archive/zip: Incorrect handling of certain ZIP files issue.
   - BZ-2292777: CVE-2024-37890: nodejs-ws: denial of service when handling a request with many HTTP headers issue.
   - BZ-2293200: CVE-2024-28863: node-tar: denial of service while parsing a tar file due to lack of folders depth validation issue.
   - BZ-2294000: CVE-2024-6104: go-retryablehttp: url might write sensitive information to log file issue.
   - BZ-2300022: [ODF 4.16][UI] Ceph storage pool created with pg_num and ppg_num 1; osd_pool_default_pg_num is 32, must set deviceClass on all pools issue.
   - BZ-2300289: ocs-client-op should deploy webhook and intercept subscription changes only when managing CSI issue.
   - BZ-2300332: [ODF 4.16][UI] Hide "builtin-mgr" block pool CR issue.
   - BZ-2300499: CVE-2024-41818: fast-xml-parser: ReDOS at currency parsing in currency.js issue.
   - BZ-2303177: after upgrade from 4.15.15 to 4.15.18 image registry pods are stuck at ?container creating issue.
   - BZ-2303414: [Backport to 4.16.z] Backingstore Stuck "Connecting" post ODF v4.15 Upgrade - INVALID_SCHEMA_REPLY SERVER system_api#/methods/read_system issue.
   - BZ-2304074: remove client-op deployed subscription webhook before it is scaled down by odf-op issue.
   - BZ-2309710: CVE-2024-8421: golang.org/x/net/http2: Multiple HTTP/2 enabled web servers (Rapid Reset Attack) issue.
   - BZ-2310210: [QA Only] Qualify RHCS-6.1z7 with ODF-4.16.2 in the External Mode issue.
6. CVE IDs:
   - CVE-2023-45290
   - CVE-2024-1737
   - CVE-2024-1975
   - CVE-2024-2398
   - CVE-2024-4076
   - CVE-2024-6104
   - CVE-2024-6345
   - CVE-2024-6923
   - CVE-2024-8421
   - CVE-2024-24789
   - CVE-2024-24790
   - CVE-2024-28176
   - CVE-2024-28863
   - CVE-2024-29180
   - CVE-2024-37370
   - CVE-2024-37371
   - CVE-2024-37890
   - CVE-2024-37891
   - CVE-2024-38428
   - CVE-2024-41818
7. Reference links:
   - https://access.redhat.com/security/updates/classification/#important

This information helps users understand the details of the vulnerabilities, the affected products and the fixed vulnerabilities, so that they can take appropriate security measures.