Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Related Vulnerabilities: CVE-2021-46848   CVE-2022-1304   CVE-2022-1586   CVE-2022-2880   CVE-2022-4304   CVE-2022-4415   CVE-2022-4450   CVE-2022-22624   CVE-2022-22628   CVE-2022-22629   CVE-2022-22662   CVE-2022-26700   CVE-2022-26709   CVE-2022-26710   CVE-2022-26716   CVE-2022-26717   CVE-2022-26719   CVE-2022-27664   CVE-2022-30293   CVE-2022-32189   CVE-2022-32190   CVE-2022-34903   CVE-2022-35737   CVE-2022-40303   CVE-2022-40304   CVE-2022-41715   CVE-2022-41717   CVE-2022-41724   CVE-2022-41725   CVE-2022-42898   CVE-2022-47629   CVE-2023-0215   CVE-2023-0286   CVE-2023-0361   CVE-2023-23916  

Source

Synopsis

Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Type/Severity

Security Advisory: Moderate

Topic

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1

Security Fix(es):

  • golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
  • golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
  • golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
  • golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
  • golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
  • golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
  • golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
  • golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Secondary Scheduler Operator for Red Hat OpenShift (OSSO) 1.0 x86_64

Fixes

  • BZ - 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
  • BZ - 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
  • BZ - 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
  • BZ - 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
  • BZ - 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
  • BZ - 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
  • BZ - 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
  • BZ - 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
  • WRKLDS-653 - New SSO 1.1.1 release to address existing CVEs

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started