-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: RHOSDT 2.6.0 operator/operand containers Security Update Advisory ID: RHSA-2022:7055-01 Product: RHOSDT Advisory URL: https://access.redhat.com/errata/RHSA-2022:7055 Issue date: 2022-10-19 CVE Names: CVE-2015-20107 CVE-2021-3918 CVE-2022-0391 CVE-2022-0536 CVE-2022-1292 CVE-2022-1586 CVE-2022-1650 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-24785 CVE-2022-31129 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 ==================================================================== 1. Summary: An update is now available for Red Hat Openshift distributed tracing 2.6.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat OpenShift distributed tracing provides these changes: Security Fix(es): * nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * eventsource: Exposure of Sensitive Information (CVE-2022-1650) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 5. References: https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2021-3918 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-0536 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1650 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1BkhtzjgjWX9erEAQgc3A//S16S+mYr+0uhv7fBfHt1dRBkY6hManvF jvEIqy7HvrpaUI8aL7M7YA/NEinnqWwcqNKL5P0EhT03ZSCQkJYoN0PXWaH3QzDo o49VzI/V7V3x6lJmA1Uzq24jyU6Uu0xa2wYYuwjy1vpNa1sx60uMzhMn5enk0URG RqyrLVcx4O0Tdypnx2coDnVXQOA62en+gITpOxY5gjywKeOIV9ksejvaaA//NTL+ K8LMmCobj+qmUhduX17OHfH7GgrXdWNNLVOZ+LcAr8NtUAtyUOddliwjFUO9Je+7 1dTtvNyB8+scPZOvYiuGeRPtS/EZLu3AGSIeKNGGB8hDqB6iMMx4HoZg9MT23kd7 qzbh6tEMdIUI47Sq5x7CrTW9HvSQ04XYbhA3MfaRzxjao1VDQaMSW5RnJcLqD7WS /lJv4pqNdUxNgZGLxNjym1ZcskSjWh3KgetYcOiHfPyFT4195i5uWcLDJk7RLD8X 1ikbWzHqrliGTTiD5ml/nv4IL7dPjcL9ENC/p9+C/bZqR5I8WgKBigDkYQdyoCrT cpVa0UPsz08HtMA208Df8QkCehI3g0qPedV2PpRt/XokKMEP6eMEgd1sFYiOljYN BWSDLQWec9+7QqDWpTtwFUU9C3VaGaaau4LVYehmYLl3uXQzfaxjWzSntdhqDtc9 2U9smIGtonA=uOMp -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce