Topic
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Description
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1
Security Fix(es):
- golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
- golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
- golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
- golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
- golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
- golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
- golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
- golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.