-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Service Mesh security update
Advisory ID: RHSA-2020:3369-01
Product: Red Hat OpenShift Service Mesh
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3369
Issue date: 2020-08-06
CVE Names: CVE-2020-8203 CVE-2020-9283 CVE-2020-11023 CVE-2020-12666 CVE-2020-14040
====================================================================
1. Summary:
An update is now available for OpenShift Service Mesh 1.1.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
OpenShift Service Mesh 1.1 - x86_64
Red Hat OpenShift Service Mesh 1.1 - x86_64
3. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
service mesh project, tailored for installation into an on-premises
OpenShift Container Platform installation.
Security Fix(es):
* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
for panic (CVE-2020-9283)
* nodejs-lodash: prototype pollution in zipObjectDeep function
(CVE-2020-8203)
* jQuery: passing HTML containing