RedHat: RHSA-2022-6184:01 Important: Self Node Remediation Operator...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Self Node Remediation Operator 0.4.1 security update
Advisory ID:       RHSA-2022:6184-01
Product:           RHWA
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6184
Issue date:        2022-08-25
CVE Names:         CVE-2022-1292 CVE-2022-1586 CVE-2022-1785 
                   CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 
                   CVE-2022-2097 CVE-2022-30631 
=====================================================================

1. Summary:

This is an updated release of the Self Node Remediation Operator. The Self
Node Remediation Operator replaces the Poison Pill Operator, and is
delivered by Red Hat Workload Availability.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

The Self Node Remediation Operator works in conjunction with the Machine
Health Check or the Node Health Check Operators to provide automatic
remediation of unhealthy nodes by rebooting them. This minimizes downtime
for stateful applications and RWO volumes, as well as restoring compute
capacity in the event of transient failures.

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, see the CVE page(s)
listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, see:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

5. References:

https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYwdmJdzjgjWX9erEAQhbTQ//Tplmgrd41CYr3MR1vSfhYdQqJ34XomuL
GVZ77BNRxA7zb3JbCM11UhxmnZGFfSHvza7hWXsJuHLlRxp+niURrxzHcERDTolY
Glh8K0KNa4cPAbvBkL293UJz3yfwbuy1XUn55tQ2s4BSKyLmDlekxT/8P96gUbl4
JEw5B1gV/XHYk0njC5PgGjmwwe6JT05efvBFaiSLDkHhahpBjamUaDMov7IElIu7
khA8XF/Ty2KXrWDNdothqw1TCHRc41pQLo3MPpeGyA6QTFvw+6nNvYtr5bi6PspO
raElAq1kszYiLXF1/FHrE5ZVWRJrwAPIlt+ZtYS6JCQmvHJPEEGGBuuzPYsraR25
+NI8r8z5aiNxYtP4/TtBFZD9SmZE4zr64z5vHZAzv4YUvFl5Fs3ITx88SQ20opXT
BtgWxz1rsyDrcF2nOH98BrczJVsG7kpnQGw/Zhpril8n1AP/o7YEBE1TPjpG33PA
RkFfHEfsev0pmuxN69DmBA290XN+khQSBgWKhndACDA5HcjA7hO4/jqxxW+TzfFS
gplu7pnyXSmTgYQxuHNfREkePpwzDCIPkXVOCQdlSpXF0iFgcCXygs6dq30j+54z
lWPGcfYNE+0L1tGeUtgTcBgeeMHc/zX3+9BGXZ+rA3oLxV/ySZNQfJqQsH4CUyqr
2xsqRVjngeU=
=QoWK
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-6184:01 Important: Self Node Remediation Operator 0.4.1

This is an updated release of the Self Node Remediation Operator

Summary

The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.
Security Fix(es):
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, see:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/updates/classification/#important

Package List

Severity
Advisory ID: RHSA-2022:6184-01
Product: RHWA
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6184
Issued Date: : 2022-08-25
CVE Names: CVE-2022-1292 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-30631

Topic

This is an updated release of the Self Node Remediation Operator. The SelfNode Remediation Operator replaces the Poison Pill Operator, and isdelivered by Red Hat Workload Availability.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.