Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update

Synopsis

Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Service Mesh 2.2.7

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation on an OpenShift Container Platform cluster.

This advisory covers the RPM packages for the release.

Security Fix(es):

  • mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
  • async: Prototype Pollution in async (CVE-2021-43138)
  • express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
  • terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Service Mesh 2 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 2 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 2 for RHEL 8 s390x

Fixes

  • BZ - 1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
  • BZ - 2126276 - CVE-2021-43138 async: Prototype Pollution in async
  • BZ - 2126277 - CVE-2022-25858 terser: insecure use of regular expressions leads to ReDoS
  • BZ - 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process
  • OSSM-3596 - Port istio-cni fix for RHEL9 to maistra-2.2
  • OSSM-3720 - Port egress-gateway wrong network gateway endpoints fix in maistra-2.2
  • OSSM-3783 - operator can deadlock when istiod deployment fails [maistra-2.2]