RedHat: RHSA-2020-0477:01 Important: Red Hat OpenShift Service Mesh 1.0.7

    Date 11 Feb 2020
    691
    Posted By LinuxSecurity Advisories
    Red Hat OpenShift Service Mesh 1.0.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat OpenShift Service Mesh 1.0.7 servicemesh-proxy security update
    Advisory ID:       RHSA-2020:0477-01
    Product:           Red Hat OpenShift Service Mesh
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0477
    Issue date:        2020-02-12
    CVE Names:         CVE-2020-8595 
    =====================================================================
    
    1. Summary:
    
    Red Hat OpenShift Service Mesh 1.0.7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    OpenShift Service Mesh 1.0 - x86_64
    
    3. Description:
    
    Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
    service mesh project, tailored for installation into an on-premise
    OpenShift Container Platform installation.
    
    This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.7
    release.
    
    Security Fix(es):
    
    * istio: unauthorised access to JWT protected HTTP path (CVE-2020-8595)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    The OpenShift Service Mesh release notes provide information on the
    features and known issues:
    
    https://docs.openshift.com/container-platform/4.3/service_mesh/servicemesh-
    release-notes.html
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1798247 - CVE-2020-8595 istio: unauthorised access to JWT protected HTTP path
    
    6. Package List:
    
    OpenShift Service Mesh 1.0:
    
    Source:
    servicemesh-proxy-1.0.7-1.el8.src.rpm
    
    x86_64:
    servicemesh-proxy-1.0.7-1.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2020-8595
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXkNCnNzjgjWX9erEAQg9rQ//dsEQmNpAzQW5H6jlTfnY6XPH1OufVrlM
    R4i2ZYBGLTLm4bk52DT4fLtsM6D3kYjuXwgoLTQg+DtJiXyqes1sZEQQhVIcuu8a
    QPT+Tcs2RDdCLCI8VvEjcj2NP6/XznmJh9VwAW55iaR3RCfPNvMZ237a7igDbWqw
    ugHfTW266TCfBjIlY4McA/OudFpCSsiHeW0t+MiOkyminZ05umrngmRPBe5xjd36
    pG+GQy0tmge8Lzv0H7X7PFcKN/FEqf4umy6J0O3e/ZJOMBcYNfVoriRULkUxrjOa
    NyruFGnHX1zGNn8rbOBYbdj21ShMybOkI1Ox2qUF4nwvw9y98S8JTBgR8N69Jb6f
    FL0blykINzmtXW9RiYT94UaIhwUqOeTp4lbxRL8qwHc2UH4pMtMBnvZVia34FnWw
    Iv9nmciGrz/snYTd5xIfPmdTTKAQ7PYBqmVdwtINdHMkv8rnoOQWlMcg6XgLaC4P
    PkiE38iDqwjihBkzdSnPAcek5v5Zhtl3p43nzzjChr2AmAU6ZGoJ+ussbXK8jqSt
    ReTbONgqYF7xbQCAaEXoHkgm2xnoFuHZyj/aDaEEYzScrIkgNVTugU5PDrzt+300
    iutWShMfT/RzRv6EZhfCjaFLcqZAMmdLgDaC4EfCbnhVVpT6V/WuSE5aRdxPEcgg
    b2hJKwd8Bqw=
    =n6KW
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    How do you feel about the elimination of the terms 'blacklist' and 'slave' from the Linux kernel?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/32-how-do-you-feel-about-the-elimination-of-the-terms-blacklist-and-slave-from-the-linux-kernel?task=poll.vote&format=json
    32
    radio
    [{"id":"112","title":"I strongly support this change - racially charged language should not be used in the code and documentation of the kernel and other open-source projects.","votes":"3","type":"x","order":"1","pct":42.86,"resources":[]},{"id":"113","title":"I'm indifferent - this small change will not affect broader issues of racial insensitivity and white privilege.","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"114","title":"I'm opposed to this change - there is no need to change language that has been used for years. It doesn't make sense for people to take offense to terminology used in community projects.","votes":"2","type":"x","order":"3","pct":28.57,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.