Red Hat 3scale API Management 2.11.0 RHSA-2021:3851-01 Critical Threat
red hat
October 14, 2021
Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management
/2.11/html-single/installing_3scale/index
Summary
Red Hat 3scale API Management delivers centralized API management features
through a distributed, cloud-hosted layer. It includes built-in features to
help in building a more successful API program, including access control,
rate limits, payment gateway integration, and developer experience tools.
This advisory is intended to use with Container Images, for Red Hat 3scale
API Management 2.11.0.
Security Fixes:
* PT RHOAM: XSS in 3scale at various places (CVE-2021-3442)
* aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang
(CVE-2020-8911)
* aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang
(CVE-2020-8912)
For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2020-8911 https://access.redhat.com/security/cve/CVE-2020-8912 https://access.redhat.com/security/cve/CVE-2021-3442 https://access.redhat.com/security/cve/CVE-2021-3653 https://access.redhat.com/security/cve/CVE-2021-3715 https://access.redhat.com/security/cve/CVE-2021-22922 https://access.redhat.com/security/cve/CVE-2021-22923 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/updates/classification/#important
Package List
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2021:3851-01
Product: 3scale API Management
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3851
Issue date: 2021-10-14
Topic
Red Hat 3scale API Management 2.11.0 Release - Container ImagesA security update for Red Hat 3scale API Management is now available fromthe Red Hat Container Catalog.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilitylisted as CVE link(s) in the References section.
Relevant Releases Architectures
Bugs Fixed
1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang
1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang
1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!