Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update
🔗 CVE IDs covered (16)
📋 Description
CVE-2020-28851 — golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28852 — golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2021-3121 — gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation CVE-2021-3749 — nodejs-axios: Regular expression denial of service in trim function CVE-2021-29482 — ulikunitz/xz: Infinite loop in readUvarint allows for denial of service CVE-2021-29923 — golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet CVE-2021-36221 — golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-43565 — golang.org/x/crypto: empty plaintext packet causes panic CVE-2021-43824 — envoy: Null pointer dereference when using JWT filter safe_regex match CVE-2021-43825 — envoy: Use-after-free when response filters increase response data CVE-2021-43826 — envoy: Use-after-free when tunneling TCP over HTTP CVE-2022-21654 — envoy: Incorrect configuration handling allows mTLS session re-use without re-validation CVE-2022-21655 — envoy: Incorrect handling of internal redirects to routes with a direct response entry CVE-2022-23606 — envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service CVE-2022-23635 — istio: unauthenticated control plane denial of service attack CVE-2022-24726 — istio: Unauthenticated control plane denial of service attack due to stack exhaustion
🔗 References (19)
- selfhttps://access.redhat.com/errata/RHSA-2022:1276
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1913333
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1913338
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1921650
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1954368
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1992006
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1995656
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1999784
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2030787
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050744
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050746
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050748
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050753
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050757
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050758
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2057277
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2061638
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1276.json