RHSA-2022:2183MediumCVSS 8.8
Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview
🔗 CVE IDs covered (5)
📋 Description
CVE-2019-11253 — kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service CVE-2019-19794 — golang-github-miekg-dns: predictable TXID can lead to response forgeries CVE-2020-15257 — containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation CVE-2021-29482 — ulikunitz/xz: Infinite loop in readUvarint allows for denial of service CVE-2021-32760 — containerd: pulling and extracting crafted container image may result in Unix file permission changes
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2022:2183
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1757701
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1786761
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1899487
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1954368
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1982681
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2079447
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2183.json