Red Hat OpenShift 2.1.3: RHSA-2022-5006-01 Important Security Advisory
red hat
June 13, 2022
Red Hat OpenShift Service Mesh 2.1.3
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Summary
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
service mesh project, tailored for installation into an on-premise
OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements
(CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-3981 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-38185 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1650 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29224 https://access.redhat.com/security/cve/CVE-2022-29225 https://access.redhat.com/security/cve/CVE-2022-29226 https://access.redhat.com/security/cve/CVE-2022-29228 https://access.redhat.com/security/cve/CVE-2022-31045 https://access.redhat.com/security/updates/classification#important
Package List
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2022:5006-01
Product: Red Hat OpenShift Service Mesh
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5006
Issue date: 2022-06-13
Topic
Red Hat OpenShift Service Mesh 2.1.3.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Relevant Releases Architectures
Bugs Fixed
2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):
OSSM-1609 - Rebuild Kiali Server and Operator container 1.36 to pick up base image CVE fixes
OSSM-1617 - Container release for Maistra 2.1.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!