
Red Hat OpenShift 2.2.2 RHSA-2022:6283-01 Moderate: Stack Exhaustion Issues

Red Hat
August 31, 2022
Red Hat OpenShift Service Mesh 2.2.2 receives a security update with fixes for multiple stack exhaustion vulnerabilities in Go standard library packages.
Red Hat OpenShift Service Mesh 2.2.2 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate.

Solution

The OpenShift Service Mesh Release Notes provide information on the features and known issues:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/service_mesh/service-mesh-2-x

Summary

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-31107
https://access.redhat.com/security/updates/classification/#moderate

Package List


Severity
important

Advisory ID: RHSA-2022:6283-01
Product: Red Hat OpenShift Service Mesh
Issue date: 2022-08-31

Topic

Red Hat OpenShift Service Mesh 2.2.2 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob

2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions

2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob

2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode

2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip

2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OSSM-1105 - IOR doesn't support a host with namespace/ prefix

OSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start

OSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing

OSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace

OSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes

OSSM-1800 - IOR should copy labels from Gateway to Route

OSSM-1805 - Reconcile SMCP when Kiali is not available

OSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER

OSSM-1868 - Container release for Maistra 2.2.2
