Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: VolSync 0.5 security fixes and updates

Related Vulnerabilities: CVE-2022-1705   CVE-2022-1962   CVE-2022-27191   CVE-2022-28131   CVE-2022-30629   CVE-2022-30630   CVE-2022-30631   CVE-2022-30632   CVE-2022-30633   CVE-2022-30635   CVE-2022-32148  

Source

Synopsis

Moderate: VolSync 0.5 security fixes and updates

Type/Severity

Security Advisory: Moderate

Topic

VolSync v0.5

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

VolSync v0.5

VolSync is a Kubernetes operator that enables asynchronous replication of
persistent volumes within a cluster, or across clusters. After deploying
the VolSync operator, it can create and maintain copies of your persistent
data.

For more information about VolSync, see:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#volsync or the VolSync open source community website at:
https://volsync.readthedocs.io/en/stable/.

This advisory contains a security fix and updates to the VolSync
container images.

Security fixes:

  • CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
  • CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
  • CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
  • CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
  • CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
  • CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
  • CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
  • CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
  • CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

Affected Products

  • Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86_64

Fixes

  • BZ - 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
  • BZ - 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
  • BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
  • BZ - 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
  • BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
  • BZ - 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
  • BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
  • BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
  • BZ - 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
  • BZ - 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
  • BZ - 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started