exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-3645-01

Red Hat Security Advisory 2023-3645-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2021-43138, CVE-2022-24999, CVE-2022-25858, CVE-2022-27664, CVE-2022-2880, CVE-2022-36227, CVE-2022-39229, CVE-2022-41715, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361
SHA-256 | 3023d0e9a727cd7cb6e6e20ebd2258d11d98d83016ff62bc73e6192f91c39a04

Red Hat Security Advisory 2023-3645-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update
Advisory ID: RHSA-2023:3645-01
Product: RHOSSM
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3645
Issue date: 2023-06-15
CVE Names: CVE-2021-20329 CVE-2021-43138 CVE-2022-2880
CVE-2022-4304 CVE-2022-4450 CVE-2022-24999
CVE-2022-25858 CVE-2022-27664 CVE-2022-36227
CVE-2022-39229 CVE-2022-41715 CVE-2023-0215
CVE-2023-0286 CVE-2023-0361 CVE-2023-27535
====================================================================
1. Summary:

Red Hat OpenShift Service Mesh 2.2.7

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
service mesh project, tailored for installation into an OpenShift Container
Platform installation.

This advisory covers the RPM packages for the release.

Security Fix(es):

* mongo-go-driver: specific cstrings input may not be properly validated
(CVE-2021-20329)
* async: Prototype Pollution in async (CVE-2021-43138)
* express: "qs" prototype poisoning causes the hang of the node process
(CVE-2022-24999)
* terser: insecure use of regular expressions leads to ReDoS
(CVE-2022-25858)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
2126276 - CVE-2021-43138 async: Prototype Pollution in async
2126277 - CVE-2022-25858 terser: insecure use of regular expressions leads to ReDoS
2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process

5. JIRA issues fixed (https://issues.redhat.com/):

OSSM-3596 - Port istio-cni fix for RHEL9 to maistra-2.2
OSSM-3720 - Port egress-gateway wrong network gateway endpoints fix in maistra-2.2
OSSM-3783 - operator can deadlock when istiod deployment fails [maistra-2.2]

6. References:

https://access.redhat.com/security/cve/CVE-2021-20329
https://access.redhat.com/security/cve/CVE-2021-43138
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-24999
https://access.redhat.com/security/cve/CVE-2022-25858
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-39229
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZIuxJdzjgjWX9erEAQglEg/6A7Ceu4fLKvXl+RRcBZs1TAFYReXxYOcd
KGEDPmEuS2YCS3pn4CN/CqPYcgp1YmtTrpUZxmzKoAZjInJ3kc4zG7XGim3eLBiC
LUWMl7DUM9voriHCmrktjr3sMfryng7FL5i9NT8Sh0YxyeJ0DEr/3Pziyae5JezY
BC1uColX7LtZUa0dLgP3Tl7lW/tEn2TwOUldmLAJwjzvECzsCelLT57DOUbeibV0
TrmGs6ZOhUDNzbLHRZuvtLXIJlL0LquR/B/KzOT7ZuawEAxMmh70t2AdS3mD4YXq
GxG9b4mfq7zIYa6nvUnTcaKxM/gE0TE0Vrrk9FdUfXcpyQfZnVakLf3i5ll0XmqA
7YSSdBJIj8kccbz7DV9siJVyCMmlN/7KB0QYont4MiIvY4/ovS9pytDtuJ2xvOZ4
pTe6tF2i8S+XvI5D173I7+QoN8fUGiP3gdArRKFu7GlFXZfrgq4Yfl4wQR26tbpE
CCrT1ct9Bj1IdvFSOexBzaNArh60Vpi0uUYfYg2smVPJslCNhKY9c1D0T/pLZL3b
mO5ytnq/zaNPFSYS4LpuBn9qX1TXJmlNQlpm/Pnzs//YVaZbxXwvzzGC4vVr7F+r
+VVlfI43X4bLKseuxToheH9UrMIJRW+aE6bFHE1ss22m9y5n/kHRK8oDb5FRur3b
LOOJa1Oil6M=4VhL
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close