Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update

Related Vulnerabilities: CVE-2019-5827   CVE-2019-13750   CVE-2019-13751   CVE-2019-17594   CVE-2019-17595   CVE-2019-18218   CVE-2019-19603   CVE-2019-20838   CVE-2020-12762   CVE-2020-13435   CVE-2020-14155   CVE-2020-16135   CVE-2020-24370   CVE-2021-3200   CVE-2021-3426   CVE-2021-3445   CVE-2021-3572   CVE-2021-3580   CVE-2021-3712   CVE-2021-3778   CVE-2021-3796   CVE-2021-3800   CVE-2021-20231   CVE-2021-20232   CVE-2021-20266   CVE-2021-22876   CVE-2021-22898   CVE-2021-22925   CVE-2021-27645   CVE-2021-28153   CVE-2021-29923   CVE-2021-33560   CVE-2021-33574   CVE-2021-35942   CVE-2021-36084   CVE-2021-36085   CVE-2021-36086   CVE-2021-36087   CVE-2021-36221   CVE-2021-42574  

Source

Synopsis

Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat Openshit distributed tracing 2.1.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Release of Red Hat OpenShift distributed Tracing provides these changes:

Security Fix(es):

  • golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
  • golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The Red Hat OpenShift distributed tracing release notes provide information on
the features and known issues:

https://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://docs.openshift.com/container-platform/latest/distr_tracing/distr_tracing_install/distr-tracing-updating.html

Affected Products

  • Red Hat OpenShift distributed tracing 2 x86_64
  • Red Hat OpenShift distributed tracing for Power, little endian 2 ppc64le
  • Red Hat OpenShift distributed tracing for IBM Z and LinuxONE 2 s390x

Fixes

  • BZ - 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
  • BZ - 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
  • TRACING-2235 - Release RHOSDT 2.1

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started