-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: Service Binding Operator 1.3.1 security update
Advisory ID:       RHSA-2022:7407-01
Product:           OpenShift Developer Tools and Services
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7407
Issue date:        2022-11-03
CVE Names:         CVE-2020-35525 CVE-2020-35527 CVE-2022-2509
                   CVE-2022-3515 CVE-2022-32149 CVE-2022-37434
====================================================================
1. Summary:

An update for service-binding-operator-bundle-container and
service-binding-operator-container is now available for OpenShift Developer
Tools and Services for OCP 4.9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Service Binding Operator 1.3.1 is now available for OpenShift Developer
Tools and Services for OCP 4.9 +

Security Fix(es):

* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, see:
https://access.redhat.com/articles/11258.

Follow the instructions linked in the References section to create service
binding connections between applications and services using the Developer
perspective in the OpenShift Container Platform web console.

4. Bugs fixed (https://bugzilla.redhat.com/):

2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

5. JIRA issues fixed (https://issues.jboss.org/):

APPSVC-1220 - Fix CVE-2022-32149

6. References:

https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/latest/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY2QOrdzjgjWX9erEAQjn+A//X6hSXPC7IwDSYPPbFS3+dzfmnysoy/zd
F+yf+uHWgtf4iIJgcqrwqo0Trc9tPqauN6JuBYvROdiK4qJPJm7ni8jme4EU34mx
EX4reTVrltLti8Dhv1G9CrtHZic9dxV9zZrxbMP16BaNlHkhlvi5q6JipZLTc+qU
KlLr79UN/cBfzfKYc53Nbfej+q4GbG97imnOysKozP+v5YN7f9SLycFoxIo1tv53
kQGNdWpFBE7AAhd28fn0iXK8D1Y9FW//xahuJAH+NA/oIjbFRRmwGMxaeANo88Cy
jqUoCXCykAmOsKiFHXiD4fu/TsmAkHUuguwzrZvtlapjpKDCKKPiOD4G/uBMyhtb
dXH+2kMOMNRA38LMFHKCsltPHqPzKiMS5UnYk6w7yXDl7IW/45rt0HrK70/Yt9jr
22XrvLnYSMHStEzhPcxHuUAt1m2bVk67XMYfH5luQRdKbdG+nMWx9ekA8Fhyebax
nRpNDPdbETleXS4NMXACtVkaT/ps7JnrrhbsXB4bW4tAj8l5ryUeNu0aA+6uZo3K
Om2MES7KriMsCvU93v8/AmIxtMERAVHxPlo230bB4y4MQiA0l3IxGViRZdDM5N2p
7acUjOyNm6PvsZQ33gDgH4pwddBIaAOu/nDJUAzHPqFrPTmrHmMe/OGPo9sb6QEq
oTqLGhQ76lU=CnnY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce