RedHat: RHSA-2021-3748:01 Moderate: OpenShift Container Storage 3.11.z
Summary
The OpenShift Container Storage solution provides persistent storage
service for OpenShift Containers and OpenShift Infrastructure services.
Security Fix(es):
* golang: crypto/elliptic: incorrect operations on the P-224 curve
(CVE-2021-3114)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a
very large header (CVE-2021-31525)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All users of OpenShift Container Storage 3.11 container images are advised
to pull these updated images from the Red Hat Container Registry.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2020-25648
https://access.redhat.com/security/cve/CVE-2020-25692
https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/cve/CVE-2021-31525
https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 8 in the Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Relevant Releases Architectures
Bugs Fixed
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1957321 - Respin the rhgs-server-container container to include latest glusterfs rpm for RHGS 3.5.5
1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
1987163 - respin volmanager to include latest heketi rpm