RedHat: RHSA-2022-0687:01 Moderate: OpenShift API for Data Protection
Summary
OpenShift API for Data Protection (OADP) enables you to back up and restore
application resources, persistent volume data, and internal container
images to external backup storage. OADP enables both file system-based and
snapshot-based backups for persistent volumes.
Security Fix(es):
* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service
(CVE-2021-29482)
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Summary
Solution
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-4122 https://access.redhat.com/security/cve/CVE-2021-29482 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
OpenShift API for Data Protection (OADP) 1.0.1 is now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
5. JIRA issues fixed (https://issues.redhat.com/):
OADP-198 - MTC upgrade path will be affected by changed labelselectors on operands
OADP-223 - Velero is reconciling on BSLs in other namespaces
OADP-272 - Migration of internal images fails due to `common` plugin not labeling deployments