RedHat: RHSA-2022-7407:01 Moderate: Service Binding Operator 1.3.1 security
Summary
Service Binding Operator 1.3.1 is now available for OpenShift Developer
Tools and Services for OCP 4.9+.
Security Fix(es):
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, see:
https://access.redhat.com/articles/11258.
Follow the instructions linked in the References section to create service
binding connections between applications and services using the Developer
perspective in the OpenShift Container Platform web console.
References
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/4.14/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.html
Package List
Topic
An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Relevant Releases Architectures
Bugs Fixed
2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
JIRA issues fixed (https://issues.redhat.com/):
APPSVC-1220 - Fix CVE-2022-32149