RedHat: RHSA-2022-7407:01 Moderate: Service Binding Operator 1.3.1 ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Service Binding Operator 1.3.1 security update
Advisory ID:       RHSA-2022:7407-01
Product:           OpenShift Developer Tools and Services
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7407
Issue date:        2022-11-03
CVE Names:         CVE-2020-35525 CVE-2020-35527 CVE-2022-2509 
                   CVE-2022-3515 CVE-2022-32149 CVE-2022-37434 
=====================================================================

1. Summary:

An update for service-binding-operator-bundle-container and
service-binding-operator-container is now available for OpenShift Developer
Tools and Services for OCP 4.9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Service Binding Operator 1.3.1 is now available for OpenShift Developer
Tools and Services for OCP 4.9 +

Security Fix(es):

* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, see:
https://access.redhat.com/articles/11258.

Follow the instructions linked in the References section to create service
binding connections between applications and services using the Developer
perspective in the OpenShift Container Platform web console.

4. Bugs fixed (https://bugzilla.redhat.com/):

2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

5. JIRA issues fixed (https://issues.jboss.org/):

APPSVC-1220 - Fix CVE-2022-32149

6. References:

https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/latest/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.html

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY2QOrdzjgjWX9erEAQjn+A//X6hSXPC7IwDSYPPbFS3+dzfmnysoy/zd
F+yf+uHWgtf4iIJgcqrwqo0Trc9tPqauN6JuBYvROdiK4qJPJm7ni8jme4EU34mx
EX4reTVrltLti8Dhv1G9CrtHZic9dxV9zZrxbMP16BaNlHkhlvi5q6JipZLTc+qU
KlLr79UN/cBfzfKYc53Nbfej+q4GbG97imnOysKozP+v5YN7f9SLycFoxIo1tv53
kQGNdWpFBE7AAhd28fn0iXK8D1Y9FW//xahuJAH+NA/oIjbFRRmwGMxaeANo88Cy
jqUoCXCykAmOsKiFHXiD4fu/TsmAkHUuguwzrZvtlapjpKDCKKPiOD4G/uBMyhtb
dXH+2kMOMNRA38LMFHKCsltPHqPzKiMS5UnYk6w7yXDl7IW/45rt0HrK70/Yt9jr
22XrvLnYSMHStEzhPcxHuUAt1m2bVk67XMYfH5luQRdKbdG+nMWx9ekA8Fhyebax
nRpNDPdbETleXS4NMXACtVkaT/ps7JnrrhbsXB4bW4tAj8l5ryUeNu0aA+6uZo3K
Om2MES7KriMsCvU93v8/AmIxtMERAVHxPlo230bB4y4MQiA0l3IxGViRZdDM5N2p
7acUjOyNm6PvsZQ33gDgH4pwddBIaAOu/nDJUAzHPqFrPTmrHmMe/OGPo9sb6QEq
oTqLGhQ76lU=
=CnnY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-7407:01 Moderate: Service Binding Operator 1.3.1 security

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9

Summary

Service Binding Operator 1.3.1 is now available for OpenShift Developer Tools and Services for OCP 4.9 +
Security Fix(es):
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, ensure all previously released errata relevantto your system have been applied.For details on how to apply this update, see:https://access.redhat.com/articles/11258.Follow the instructions linked in the References section to create servicebinding connections between applications and services using the Developerperspective in the OpenShift Container Platform web console.

References

https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-32149 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/updates/classification/#moderate https://docs.openshift.com/container-platform/latest/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.html

Package List

Severity
Advisory ID: RHSA-2022:7407-01
Product: OpenShift Developer Tools and Services
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7407
Issued Date: : 2022-11-03
CVE Names: CVE-2020-35525 CVE-2020-35527 CVE-2022-2509 CVE-2022-3515 CVE-2022-32149 CVE-2022-37434

Topic

An update for service-binding-operator-bundle-container andservice-binding-operator-container is now available for OpenShift DeveloperTools and Services for OCP 4.9.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

5. JIRA issues fixed (https://issues.jboss.org/):

APPSVC-1220 - Fix CVE-2022-32149

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.