Red Hat Security Advisory 2020-2524-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
fbfa3ba2771ca3d2c3032055cbc5daf2cd75681af6e4354f70742b1030e2f63e-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-proxy security update
Advisory ID: RHSA-2020:2524-01
Product: Red Hat OpenShift Service Mesh
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2524
Issue date: 2020-06-11
CVE Names: CVE-2020-11080
====================================================================
1. Summary:
An update for servicemesh-proxy is now available for OpenShift Service Mesh
1.0.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
OpenShift Service Mesh 1.0 - x86_64
3. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
service mesh project, tailored for installation into an on-premise
OpenShift Container Platform installation.
Security Fix(es):
* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
The OpenShift Service Mesh release notes provide information on the
features and known issues:
https://docs.openshift.com/container-platform/latest/service_mesh/serviceme
sh-release-notes.html
5. Bugs fixed (https://bugzilla.redhat.com/):
1844929 - CVE-2020-11080 nghttp2: overly large SETTINGS frames can lead to DoS
6. Package List:
OpenShift Service Mesh 1.0:
Source:
servicemesh-proxy-1.0.10-3.el8.src.rpm
x86_64:
servicemesh-proxy-1.0.10-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-11080
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXuHXcdzjgjWX9erEAQj6PA/+MYqlEB6bA3p7UiZ10IsOdDZg6RWkFF/u
qyDhGVr79HZc45VDBKcok5AXlnkZgLuJS5ll13I/hK7Z62DkoZ/1CZNp4v571dzT
gd7eyW9r59wD5+FNP1K9kuQjnCG1iLtty5rmuZq+U52x/jvejaZfB7jQ8kTbeGBQ
ZKnsqE2+B5KNbMmbbLAgCMWJiS3dJ3cFnaSAKB93I4tPIDOpqbdO2FzkEg4QLlus
HaImzHXVsGFTyI9NkQeUAiw5myqMv616EYv9KNvDJVSnJW0geWZlvVAm9HXvweJx
7LR85uJJ64iUiMIz5aOFAInpoYZ3kCk6hQTQu+nGX5amSvgaEunaia4jAKH0SCWB
GaF88MjXAm2UZxBj/8m4rewmRN1KfDgxftPNUbIYyRcl/OqCurMui9j5PdXV/SyY
W+1fxxTEAtozJk+nQxYmO+aZHAD02PSk53zAMhyVB5E+1+gwkGnMJhiZtzfnFGGA
PJFieoD/UjVjr6RxG3GAtlapjTBCOD91wcKUZ6RvZ3Anir2qzAPekVQ0nBoMmFwG
Bb3MDO2O9ghv3BA29LYPiYyvRof4GFAlrIPPkK3fhb7uF6YkngQJ8MhNTuqlM/dR
WDy3BMAO7Tm+q15dC54l1Ubv5XuBxymvIuXtTGbdbrRr7pY/rlPN9xpJuCX6T0C3
Z1PozwY0OQI=t2tq
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed