Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-3372:01 Moderate: Red Hat OpenShift Service Mesh

    Date
    205
    Posted By
    An update for 3scale-istio-adapter-rhel8-container is now available for OpenShift Service Mesh. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container security update
    Advisory ID:       RHSA-2020:3372-01
    Product:           Red Hat OpenShift Service Mesh
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3372
    Issue date:        2020-08-06
    CVE Names:         CVE-2020-9283 CVE-2020-11080 CVE-2020-14040 
    =====================================================================
    
    1. Summary:
    
    An update for 3scale-istio-adapter-rhel8-container is now available for
    OpenShift Service Mesh.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
    service mesh project, tailored for installation into an on-premise
    OpenShift Container Platform installation.
    
    Security Fix(es):
    
    * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
    for panic (CVE-2020-9283)
    
    * golang.org/x/text: possibility to trigger an infinite loop in
    encoding/unicode could lead to crash (CVE-2020-14040)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
    1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
    
    5. JIRA issues fixed (https://issues.jboss.org/):
    
    MAISTRA-1716 - Release 3scale-istio-adapter-rhel container
    
    6. References:
    
    https://access.redhat.com/security/cve/CVE-2020-9283
    https://access.redhat.com/security/cve/CVE-2020-11080
    https://access.redhat.com/security/cve/CVE-2020-14040
    https://access.redhat.com/security/updates/classification/#moderate
    
    7. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXyxmttzjgjWX9erEAQhuDQ/5Ac/xFUMD/Gt0izxxIxDym6IR0Am04lHN
    mBq4x/CtftXRVPMnbHE39SasCKs2PPvB1h3qPrvEpXyCRsNGfXHgaitvvUtrpEdB
    w/ahVdvf3jzhj+BoU7u1m61PQil4+X3pE5d1hz3DjrmkstWePVyQoUFeXhnCXnDi
    T+AN4I4u3bWpqDRn74if+h/sclxTutrUz//wO+FmKAiYd6oc0rN6foqk5P5Qy5vs
    2k+kW9v+LkJa3JwxjLXsXykcwOXpouJYlY9OLAE89w5mLgw7RccRqAK4QfOUXinK
    KuuGTBnGUYxe/jg8OVSTfWdhy99mLZxaspmZRsxbUxYR2P0TpGNiyBVm7eRG/y3W
    sTT7z+QCW6FDs6J/it+OQbCtgOSdYUnI8VJXQ1RRBWCogt9da5uZCVUFFx4lFB6H
    pBB74yHgoupufgs4MPgaGIU55qnKIsC+QKoNL7GD3FsYvGddsTkck0KqZJzb2794
    B4NhXSjqN/eVzXVnsHONrPRoCRt1m1V0+qu0OznZQ4vDUBLaHOEDqCr5Ic8jA5Pu
    aFeMGmKhTFJR7JpWSObBLRf8cma1o3Z7UpVZbE8tyLgAjTuTLeovofxB5T0F7Hnn
    /VIWVSXkQlz2ANKhv39hc/VveV5LIMUInVTHaNHHw2g1uVOXepadcuvqmV15p450
    JOErQVXrxWA=
    =FI2L
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.