Red Hat Security Advisory 2021-2543-01

Red Hat Security Advisory 2021-2543-01: Posted Jun 24, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-2543-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include code execution and denial of service vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-13434, CVE-2020-13776, CVE-2020-13949, CVE-2020-15358, CVE-2020-24977, CVE-2020-26116, CVE-2020-27618, CVE-2020-27619, CVE-2020-28196, CVE-2020-28362, CVE-2020-28500, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8927, CVE-2021-20305, CVE-2021-23336; SHA-256 | de10f870e361f9c40e606f0ad79acca7e8e375dc5f52949dbafbc84fbfe8b8b3; Download | Favorite | View

Red Hat Security Advisory 2021-2543-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Jaeger 1.20.4 security update
Advisory ID:       RHSA-2021:2543-01
Product:           Red Hat OpenShift Jaeger
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2543
Issue date:        2021-06-24
CVE Names:         CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 
                   CVE-2019-3842 CVE-2019-9169 CVE-2019-25013 
                   CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 
                   CVE-2020-8286 CVE-2020-8927 CVE-2020-13434 
                   CVE-2020-13776 CVE-2020-13949 CVE-2020-15358 
                   CVE-2020-24977 CVE-2020-26116 CVE-2020-27618 
                   CVE-2020-27619 CVE-2020-28196 CVE-2020-28362 
                   CVE-2020-28500 CVE-2020-29361 CVE-2020-29362 
                   CVE-2020-29363 CVE-2021-3114 CVE-2021-3177 
                   CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 
                   CVE-2021-20305 CVE-2021-23336 CVE-2021-23337 
                   CVE-2021-27219 
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift Jaeger 1.20.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,
tailored for installation into an on-premise OpenShift Container Platform
installation.

Security Fix(es):

* libthrift: potential DoS when processing untrusted payloads
(CVE-2020-13949)

* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)

* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
(CVE-2020-28500)

* golang: crypto/elliptic: incorrect operations on the P-224 curve
(CVE-2021-3114)

* nodejs-lodash: command injection via template (CVE-2021-23337)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb
jaeger-updating.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template
1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

5. References:

https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/cve/CVE-2020-13949
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-24977
https://access.redhat.com/security/cve/CVE-2020-26116
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2020-28500
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3177
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/cve/CVE-2021-23337
https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYNSjK9zjgjWX9erEAQj02A//esq4YQivfl3D9rTqPjwyj9qod+grm3Bt
2SRzHfxy0gLFvsL79HLubB4fMU47PKMK3h4nf9a9Pb/H57AviWfPyrRXhs1PzgKs
8gsoe2JjCzAK8GTbeTR5zyu6vDFz5C5PfQXExWoe9WhRPpGKLXs8qozBprQfXowC
X1qgQEbNdDqx8OnBrqaWw4Gy8FUziWMUHwuD+/ADIybbmUq8/WW/qn7LYmfnKJHo
Syyyp8jTs5uSktRTERZh5y17a+SNJRBzMzZ+h1I3oBw7sfhzICclj6I3vq0I4MQD
5hfn4hYyBfJH2vARpaZ6g5116KrlHOkpCcWxx6wgj3jtaKROeQzY/T6wI78moNNo
d14dzT7SgXDcWBN9WsBSK/f4xtcw0tQEyFYgxlUm/LEXaVfMPeTd7Hsdw7qi5F2M
fXPGVNdUysnQqdt8CEhWWN7cKy/zRm3cJ3fHKa/7u/T8fXMEfuYd4YALCYjcylAZ
0ZjT965zB+tofKaQEjo6iP8dEHRWt1D2+vb8CnRLPiN+8PW5LGNKmtvfWwhUMxLm
jZW/+RdZ2RSNga4cHfH72DWFtM/IHbWtUa6Gyos7hJ1bGsLEoefezbmrYc8hCaJ0
8cvjxKDRYjVzGAn7ziKsqrasO+nOEzRhd+hB5KqNQ3CNl8NLQMAP1hRRbB2o/kR4
9h7Ahp/T64M=
=DJXj
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Red Hat Security Advisory 2021-2543-01

Red Hat Security Advisory 2021-2543-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-2543-01

Share This

Red Hat Security Advisory 2021-2543-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems