Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat: RHSA-2022:0318-01 Moderate: OpenShift Tracing Security Update

red hat
Calendar Grey January 27, 2022
Dist Redhat Esm H88
A new release has been announced for Red Hat OpenShift distributed tracing version 2.1, classified as Moderate risk. Important security enhancements have been incorporated.
An update is now available for Red Hat Openshit distributed tracing 2.1

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:


Summary

Release of Red Hat OpenShift distributed Tracing provides these changes:
Security Fix(es):
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
The Red Hat OpenShift distributed tracing release notes provide information on the features and known issues:

Topics%20covered

Topics Covered

security advisory moderate Red Hat security fix OpenShift tracing

References

https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3426 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3778 https://access.redhat.com/security/cve/CVE-2021-3796 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-20231 Read the Full Advisory

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:0318-01
Product: RHOSDT
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0318
Issue date: 2022-01-27

Topic

An update is now available for Red Hat Openshit distributed tracing 2.1.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat security fix OpenShift tracing

Relevant Releases Architectures

Bugs Fixed

1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

TRACING-2235 - Release RHOSDT 2.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here