exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-0687-01

Red Hat Security Advisory 2022-0687-01
Posted Mar 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0687-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-29482, CVE-2021-3521, CVE-2021-41190, CVE-2021-4122
SHA-256 | 2d3f8766f4f08c404e5c5f3eabe6435b0dbdde93b6a4a7e79ad278062cd70ff5

Red Hat Security Advisory 2022-0687-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update
Advisory ID: RHSA-2022:0687-01
Product: OpenShift API for Data Protection
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0687
Issue date: 2022-02-28
CVE Names: CVE-2021-3521 CVE-2021-4122 CVE-2021-29482
CVE-2021-41190
====================================================================
1. Summary:

OpenShift API for Data Protection (OADP) 1.0.1 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore
application resources, persistent volume data, and internal container
images to external backup storage. OADP enables both file system-based and
snapshot-based backups for persistent volumes.

Security Fix(es):

* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service
(CVE-2021-29482)

* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion

5. JIRA issues fixed (https://issues.jboss.org/):

OADP-198 - MTC upgrade path will be affected by changed labelselectors on operands
OADP-223 - Velero is reconciling on BSLs in other namespaces
OADP-272 - Migration of internal images fails due to `common` plugin not labeling deployments

6. References:

https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-4122
https://access.redhat.com/security/cve/CVE-2021-29482
https://access.redhat.com/security/cve/CVE-2021-41190
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYh2dctzjgjWX9erEAQjtow//b6H6CxJ6cUg/2iTpwGzaOypH1+alfmXV
fUEaGJa+GIiLxMddbjTpjVbeZ3zAIlydyTHy2BqKfgz/iAacyN6PnuQ2JY5xLoQ9
lYKYmxFzbPNcrlmw9PmkQAGz3SIlokgg7sJXDrtp+cluauvWY+Uajr5MWAbVcieF
uqwYcC433P5UPuvaqkSurDQ6HKb4h+PYYDcr3X9NYgFpeu4MPy7yhYMXEYgw/Exh
Xi5LkowIKoqTtlAC0TZLk+zgPrbGwO3Xcp059GPTQzD+esEzIroYvoBtECEX6W71
lfvtIrmQ3cLuJcUlM6e1LsmDWQ9MW0jgsKuZv0kl4w83USsbn6kYA2RTMnKIUtwG
++L8PKy6+3bTEDhfn1Rxo7+7CuupKV4zqMWjyO+NLsCZbrXh4OwXdr1/SzRsDuFe
4GxgVBvlhUOzwPuDedN9Yh69Iy6w7/ny9QkSFPwWtbjdjrXmjFOadmbhFWFHsmYy
HWMsTYU8fHQ2jA4VbwhNJ7KOdAEu9gZIxUDf+ID+5kCX+N2hOyJc8Mbki4dSZZk3
4X/6AxmYh0eQXaMXY9aJOlWa6pqP1196I1+Ng+ovofkq9DPZy6olS3Fcb70+jcRS
mGRGBCBXBKoBoJUd7c1tkfsBDoKECVPMnr/74tyq9uPpNqXXnuvEmtidcjePtMj2
j0PM4dQ0HxE=eI5d
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close