Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: Red Hat OpenShift Service Mesh 2.1.5 security update

Related Vulnerabilities: CVE-2022-24675   CVE-2022-24785   CVE-2022-24921   CVE-2022-28327   CVE-2022-29526   CVE-2022-30629   CVE-2022-31129  

Source

Synopsis

Moderate: Red Hat OpenShift Service Mesh 2.1.5 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Service Mesh 2.1.5

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

This advisory covers the RPM packages for the release.

Security Fix(es):

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
  • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
  • moment: Moment.js: Path traversal in moment.locale (CVE-2022-24785)
  • golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
  • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
  • golang: syscall: faccessat checks wrong group (CVE-2022-29526)
  • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

The OpenShift Service Mesh Release Notes provide information on the features and known issues:

https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html

Affected Products

  • Red Hat OpenShift Service Mesh 2.1 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 2.1 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 2.1 for RHEL 8 s390x

Fixes

  • BZ - 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
  • BZ - 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
  • BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
  • BZ - 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
  • BZ - 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
  • BZ - 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
  • BZ - 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started