Red Hat Security Advisory 2023-3644-01

Red Hat Security Advisory 2023-3644-01: Posted Jun 16, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-4235, CVE-2022-1705, CVE-2022-27664, CVE-2022-2795, CVE-2022-2879, CVE-2022-2880, CVE-2022-2995, CVE-2022-30631, CVE-2022-3162, CVE-2022-3172, CVE-2022-3204, CVE-2022-32148, CVE-2022-32189, CVE-2022-32190; SHA-256 | d08e0901464777bd733a3a8059ea4b335dfa9bfe8b9bacda0a47df5480ff08a7; Download | Favorite | View

Red Hat Security Advisory 2023-3644-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Service Mesh Containers for 2.4.0
Advisory ID:       RHSA-2023:3644-01
Product:           RHOSSM
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3644
Issue date:        2023-06-15
CVE Names:         CVE-2021-4235 CVE-2022-1705 CVE-2022-2795
                   CVE-2022-2879 CVE-2022-2880 CVE-2022-2995
                   CVE-2022-3162 CVE-2022-3172 CVE-2022-3204
                   CVE-2022-3259 CVE-2022-3466 CVE-2022-27664
                   CVE-2022-30631 CVE-2022-32148 CVE-2022-32189
                   CVE-2022-32190 CVE-2022-36227 CVE-2022-39229
                   CVE-2022-41715 CVE-2023-24540 CVE-2023-27535
====================================================================
1. Summary:

Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio
service mesh project, tailored for installation into an on-premise
OpenShift Container Platform installation.

This advisory covers container images for the release.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

5. JIRA issues fixed (https://issues.redhat.com/):

OSSM-1094 - Htpasswd secret created in control plane namespace is using SHA1
OSSM-1667 - Remove deprecated cipher suites
OSSM-2128 - Exclude some accessible namespaces in Kiali CR with some labelSelector
OSSM-2215 - istio-cni-node never updates kubeconfig causing error adding container to network \"v2-0-istio-cni\": Unauthorized
OSSM-2221 - Gateway injection does not work in control plane namespace
OSSM-2254 - Fix and deprecate IOR
OSSM-2274 - If two SMCPs exist in a namespace and you delete one, all child resources are deleted
OSSM-2325 - Disable prometheus in the minimal example CR
OSSM-2339 - Deprecated istio-operator API call in CNV
OSSM-2420 - Pod locality controller fails to update pod
OSSM-2436 - istio-operator reports as ready before it really is
OSSM-3246 - Promote ClusterWide to GA
OSSM-3288 - Implement prometheus extension provider
OSSM-3291 - Implement envoyExtAuthzHttp extension provider
OSSM-331 - Service Mesh IPv6 Single Stack Support
OSSM-3419 - Align OSSM 2.4 with latest upstream Istio 1.16.5 release
OSSM-3747 - Duplicate env vars in egress gateway deployment
OSSM-3784 - Bad ownerReference in k8s Gateway Deployment & Service
OSSM-3802 - GA discoverySelectors (move out of techPreview.meshConfig)
OSSM-3803 - Move extensionProviders to SMCP.spec.meshConfig.extensionProviders
OSSM-3870 - OSSM must-gather improvements
OSSM-3873 - [KIALI] Kiali ingress.host accepted in the SMCP but is not configured properly in Kiali CR
OSSM-3934 - Prometheus and grafana not reachable from kiali
OSSM-3986 - Kiali does not display all the data when SMCP is deployed with Cluster Wide mode
OSSM-4037 - kiali operator base image bump
OSSM-4069 - Kiali route is missing with 2.2 Control Plane in 2.4 Operator on OpenShift 4.13
OSSM-566 - Supported integration with OpenShift Monitoring and BYO Prometheus
OSSM-568 - Integration with (external) cert-manager

6. References:

https://access.redhat.com/security/cve/CVE-2021-4235
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/cve/CVE-2022-2879
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-2995
https://access.redhat.com/security/cve/CVE-2022-3162
https://access.redhat.com/security/cve/CVE-2022-3172
https://access.redhat.com/security/cve/CVE-2022-3204
https://access.redhat.com/security/cve/CVE-2022-3259
https://access.redhat.com/security/cve/CVE-2022-3466
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-32189
https://access.redhat.com/security/cve/CVE-2022-32190
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-39229
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZIuxO9zjgjWX9erEAQhxLg//cqi5JYtCAvOoMpkcoFT/rTGhn2s7EmPX
gCNYy/Gv1EESdc4WLJs/96vXWpnRF1XA1Z+Jrn6Ojd1OcRVikWjpXtzM+2cKNoCA
HZMvyxRe4R0QlcBb17XZYDN0plU+H24UGDMHengwY45K5ZRWfw7/vb3Gna3VwUgk
QALQk0WLqiJUSDy0CAaFwZNKUZKZmKCmQudm8dbECA+pCKTYS22bfbuE4o2jtcTA
PmFZ5sDIKTuWuzHtxT5Urbx+g6rgijP3xP1JqZXzuI9ExH7eeS7e1Sk8rH2MOXH2
E9VDmAsi2p7ffdaLRILHYPdLtt88wiE0kLjBof7i7OMBSoX70l3UEwvy9g96udbl
a/GsvnKkrpEnxXyPxUm4HQQ5xHPEaFIZlAwGSwnZ7CPS0wkWu3vN513ccMF+wsgx
BokeK739WjxblJRsf/fTujflEMmOzIzsM6N3yDY51hs2lAl1NFZSCjFUTwjuoNNK
7CgMoWkbCDRc0tGWvu82gJfZPnlw7lRPHYAVSNkMAPQsODTyk8FEoY9Sj8UtnI5C
qKwo7TdYjTwrivRCoQJJcNZJxW6RY2NSZNev3WviJuM+tssXXkOCJaD6Eguy6UhO
PElcfkRdRJW5HevW+u56ngGfBUb091Zyes7bN8E0AwFBI1CBvjzWgEFTM1i2Ce/+
A6ybAfZVB68=0l+j
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 231 files
indoushka 108 files
Ubuntu 86 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

Red Hat Security Advisory 2023-3644-01

Red Hat Security Advisory 2023-3644-01

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-3644-01

Share This

Red Hat Security Advisory 2023-3644-01

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems