exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-3645-01

Red Hat Security Advisory 2023-3645-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2021-43138, CVE-2022-24999, CVE-2022-25858, CVE-2022-27664, CVE-2022-2880, CVE-2022-36227, CVE-2022-39229, CVE-2022-41715, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361
SHA-256 | 3023d0e9a727cd7cb6e6e20ebd2258d11d98d83016ff62bc73e6192f91c39a04

Red Hat Security Advisory 2023-3645-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update
Advisory ID: RHSA-2023:3645-01
Product: RHOSSM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3645
Issue date: 2023-06-15
CVE Names: CVE-2021-20329 CVE-2021-43138 CVE-2022-2880
CVE-2022-4304 CVE-2022-4450 CVE-2022-24999
CVE-2022-25858 CVE-2022-27664 CVE-2022-36227
CVE-2022-39229 CVE-2022-41715 CVE-2023-0215
CVE-2023-0286 CVE-2023-0361 CVE-2023-27535
====================================================================
1. Summary:

Red Hat OpenShift Service Mesh 2.2.7

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
service mesh project, tailored for installation into an OpenShift Container
Platform installation.

This advisory covers the RPM packages for the release.

Security Fix(es):

* mongo-go-driver: specific cstrings input may not be properly validated
(CVE-2021-20329)
* async: Prototype Pollution in async (CVE-2021-43138)
* express: "qs" prototype poisoning causes the hang of the node process
(CVE-2022-24999)
* terser: insecure use of regular expressions leads to ReDoS
(CVE-2022-25858)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
2126276 - CVE-2021-43138 async: Prototype Pollution in async
2126277 - CVE-2022-25858 terser: insecure use of regular expressions leads to ReDoS
2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process

5. JIRA issues fixed (https://issues.redhat.com/):

OSSM-3596 - Port istio-cni fix for RHEL9 to maistra-2.2
OSSM-3720 - Port egress-gateway wrong network gateway endpoints fix in maistra-2.2
OSSM-3783 - operator can deadlock when istiod deployment fails [maistra-2.2]

6. References:

https://access.redhat.com/security/cve/CVE-2021-20329
https://access.redhat.com/security/cve/CVE-2021-43138
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-24999
https://access.redhat.com/security/cve/CVE-2022-25858
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-39229
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZIuxJdzjgjWX9erEAQglEg/6A7Ceu4fLKvXl+RRcBZs1TAFYReXxYOcd
KGEDPmEuS2YCS3pn4CN/CqPYcgp1YmtTrpUZxmzKoAZjInJ3kc4zG7XGim3eLBiC
LUWMl7DUM9voriHCmrktjr3sMfryng7FL5i9NT8Sh0YxyeJ0DEr/3Pziyae5JezY
BC1uColX7LtZUa0dLgP3Tl7lW/tEn2TwOUldmLAJwjzvECzsCelLT57DOUbeibV0
TrmGs6ZOhUDNzbLHRZuvtLXIJlL0LquR/B/KzOT7ZuawEAxMmh70t2AdS3mD4YXq
GxG9b4mfq7zIYa6nvUnTcaKxM/gE0TE0Vrrk9FdUfXcpyQfZnVakLf3i5ll0XmqA
7YSSdBJIj8kccbz7DV9siJVyCMmlN/7KB0QYont4MiIvY4/ovS9pytDtuJ2xvOZ4
pTe6tF2i8S+XvI5D173I7+QoN8fUGiP3gdArRKFu7GlFXZfrgq4Yfl4wQR26tbpE
CCrT1ct9Bj1IdvFSOexBzaNArh60Vpi0uUYfYg2smVPJslCNhKY9c1D0T/pLZL3b
mO5ytnq/zaNPFSYS4LpuBn9qX1TXJmlNQlpm/Pnzs//YVaZbxXwvzzGC4vVr7F+r
+VVlfI43X4bLKseuxToheH9UrMIJRW+aE6bFHE1ss22m9y5n/kHRK8oDb5FRur3b
LOOJa1Oil6M=4VhL
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close