Red Hat Security Advisory: Red Hat OpenShift Do openshift/odo-init-image 1.1.3 security update
🔗 CVE IDs covered (33)
📋 Description
CVE-2018-20843 — expat: large number of colons in input makes parser consume high amount of resources, leading to DoS CVE-2019-5094 — e2fsprogs: Crafted ext4 partition leads to out-of-bounds write CVE-2019-5188 — e2fsprogs: Out-of-bounds write in e2fsck/rehash.c CVE-2019-5482 — curl: heap buffer overflow in function tftp_receive_packet() CVE-2019-11719 — nss: Out-of-bounds read when importing curve25519 private key CVE-2019-11727 — nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 CVE-2019-11756 — nss: Use-after-free in sftk_FreeSession due to improper refcounting CVE-2019-12450 — glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress CVE-2019-12749 — dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass CVE-2019-14822 — ibus: missing authorization allows local attacker to access the input bus of another user CVE-2019-14866 — cpio: improper input validation when writing tar header fields leads to unexpected tar generation CVE-2019-15903 — expat: heap-based buffer over-read via crafted XML input CVE-2019-16935 — python: XSS vulnerability in the documentation XML-RPC server in server_title field CVE-2019-17006 — nss: Check length of inputs for cryptographic primitives CVE-2019-17023 — nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state CVE-2019-17498 — libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c CVE-2019-19126 — glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries CVE-2019-19956 — libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c CVE-2019-20386 — systemd: memory leak in button_open() in login/logind-button.c when udev events are received CVE-2019-20388 — libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c CVE-2019-20907 — python: infinite loop in the tarfile module via crafted TAR archive CVE-2019-25013 — glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding CVE-2020-1971 — openssl: EDIPARTYNAME NULL pointer de-reference CVE-2020-6829 — nss: Side channel attack on ECDSA signature generation CVE-2020-7595 — libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations CVE-2020-8177 — curl: Incorrect argument check can allow remote servers to overwrite local files CVE-2020-10029 — glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions CVE-2020-12243 — openldap: denial of service via nested boolean expressions in LDAP search filters CVE-2020-12400 — nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function CVE-2020-12401 — nss: ECDSA timing attack mitigation bypass CVE-2020-12402 — nss: Side channel vulnerabilities during RSA key generation CVE-2020-12403 — nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read CVE-2020-29573 — glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
🔗 References (5)
- selfhttps://access.redhat.com/errata/RHSA-2021:0949
- externalhttps://access.redhat.com/security/updates/classification/#low
- externalhttps://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1832983
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0949.json