CVE-2021-31525 (GCVE-0-2021-31525)
Vulnerability from cvelistv5 – Published: 2021-05-27 12:17 – Updated: 2024-08-03 23:03- n/a
| URL | Tags |
|---|---|
| https://groups.google.com/g/golang-announce/c/cu9… | x_refsource_MISC |
| https://github.com/golang/go/issues/45710 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://security.gentoo.org/glsa/202208-02 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T15:07:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"name": "https://github.com/golang/go/issues/45710",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31525",
"datePublished": "2021-05-27T12:17:11.000Z",
"dateReserved": "2021-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:33.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-31525",
"date": "2026-05-31",
"epss": "0.00022",
"percentile": "0.06399"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31525\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-27T13:15:08.207\",\"lastModified\":\"2024-11-21T06:05:51.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.\"},{\"lang\":\"es\",\"value\":\"net/http en Go versiones anteriores a 1.15.12 y versiones 1.16.x anteriores a 1.16.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (p\u00e1nico) por medio de un encabezado grande en los par\u00e1metros ReadRequest o ReadResponse.\u0026#xa0;El Servidor, el Transporte y el Cliente pueden estar afectados en algunas configuraciones\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\"
:[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15.12\",\"matchCriteriaId\":\"DCA080B5-DEFB-462A-8908-2EBD5D2075D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.16.0\",\"versionEndExcluding\":\"1.16.4\",\"matchCriteriaId\":\"644F0433-E29C-4748-BDA9-5332DF7CBE14\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/golang/go/issues/45710\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/golang/go/issues/45710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GSD-2021-31525
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-31525",
"description": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"id": "GSD-2021-31525",
"references": [
"https://www.suse.com/security/cve/CVE-2021-31525.html",
"https://access.redhat.com/errata/RHSA-2022:0308",
"https://access.redhat.com/errata/RHSA-2022:0191",
"https://access.redhat.com/errata/RHSA-2021:5072",
"https://access.redhat.com/errata/RHSA-2021:4104",
"https://access.redhat.com/errata/RHSA-2021:4103",
"https://access.redhat.com/errata/RHSA-2021:3759",
"https://access.redhat.com/errata/RHSA-2021:3748",
"https://access.redhat.com/errata/RHSA-2021:3733",
"https://access.redhat.com/errata/RHSA-2021:3556",
"https://access.redhat.com/errata/RHSA-2021:3555",
"https://access.redhat.com/errata/RHSA-2021:3487",
"https://access.redhat.com/errata/RHSA-2021:3248",
"https://access.redhat.com/errata/RHSA-2021:3076",
"https://access.redhat.com/errata/RHSA-2021:2984",
"https://access.redhat.com/errata/RHSA-2021:2983",
"https://access.redhat.com/errata/RHBA-2021:2979",
"https://access.redhat.com/errata/RHBA-2021:2854",
"https://access.redhat.com/errata/RHSA-2021:2705",
"https://access.redhat.com/errata/RHSA-2021:2704",
"https://access.redhat.com/errata/RHEA-2021:2679",
"https://access.redhat.com/errata/RHSA-2021:2543",
"https://advisories.mageia.org/CVE-2021-31525.html",
"https://security.archlinux.org/CVE-2021-31525",
"https://access.redhat.com/errata/RHSA-2022:0577",
"https://alas.aws.amazon.com/cve/html/CVE-2021-31525.html",
"https://linux.oracle.com/cve/CVE-2021-31525.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-31525"
],
"details": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"id": "GSD-2021-31525",
"modified": "2023-12-13T01:23:13.638350Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"name": "https://github.com/golang/go/issues/45710",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.0.0-20210428140749-89ef3d95e781",
"affected_versions": "All versions before 0.0.0-20210428140749-89ef3d95e781",
"cvss_v2": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-674",
"CWE-937"
],
"date": "2023-02-24",
"description": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"fixed_versions": [
"0.0.0-20210428140749-89ef3d95e781"
],
"identifier": "CVE-2021-31525",
"identifiers": [
"GHSA-h86h-8ppg-mxmh",
"CVE-2021-31525"
],
"not_impacted": "All versions starting from 0.0.0-20210428140749-89ef3d95e781",
"package_slug": "go/golang.org/x/net",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 0.0.0-20210428140749-89ef3d95e781 or above.",
"title": "Uncontrolled Recursion",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"https://github.com/golang/go/issues/45710",
"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/",
"https://security.gentoo.org/glsa/202208-02",
"https://go.dev/cl/313069",
"https://go.dev/issue/45710",
"https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9",
"https://pkg.go.dev/vuln/GO-2022-0236",
"https://github.com/advisories/GHSA-h86h-8ppg-mxmh"
],
"uuid": "544dcb81-3d1d-4416-90bc-44760954eb08"
},
{
"affected_range": "\u003c0.0.0-20210428140749-89ef3d95e781",
"affected_versions": "All versions before 0.0.0-20210428140749-89ef3d95e781",
"cvss_v2": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-674",
"CWE-937"
],
"date": "2023-02-08",
"description": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"fixed_versions": [
"0.0.0-20210428140749-89ef3d95e781"
],
"identifier": "CVE-2021-31525",
"identifiers": [
"GHSA-h86h-8ppg-mxmh",
"CVE-2021-31525"
],
"not_impacted": "All versions starting from 0.0.0-20210428140749-89ef3d95e781",
"package_slug": "go/golang.org/x/net/http/httpguts",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 0.0.0-20210428140749-89ef3d95e781 or above.",
"title": "Uncontrolled Recursion",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"https://github.com/golang/go/issues/45710",
"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/",
"https://security.gentoo.org/glsa/202208-02",
"https://go.dev/cl/313069",
"https://go.dev/issue/45710",
"https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9",
"https://pkg.go.dev/vuln/GO-2022-0236",
"https://github.com/advisories/GHSA-h86h-8ppg-mxmh"
],
"uuid": "f6c19b58-1076-45b3-b566-9e93b1735e2e"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.4",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.15.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31525"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/golang/go/issues/45710",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-11-09T03:32Z",
"publishedDate": "2021-05-27T13:15Z"
}
}
}
MSRC_CVE-2021-31525
Vulnerability from csaf_microsoft - Published: 2021-05-02 00:00 - Updated: 2021-06-09 00:00

| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-31525 net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server Transport and Client can each be affected in some configurations. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-31525.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server Transport and Client can each be affected in some configurations.",
"tracking": {
"current_release_date": "2021-06-09T00:00:00.000Z",
"generator": {
"date": "2025-12-27T18:53:44.502Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-31525",
"initial_release_date": "2021-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-06-09T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 golang 1.15.13-1",
"product": {
"name": "\u003ccm1 golang 1.15.13-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 golang 1.15.13-1",
"product": {
"name": "cm1 golang 1.15.13-1",
"product_id": "19049"
}
}
],
"category": "product_name",
"name": "golang"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 golang 1.15.13-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 golang 1.15.13-1 as a component of CBL Mariner 1.0",
"product_id": "19049-16820"
},
"product_reference": "19049",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19049-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-31525 net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server Transport and Client can each be affected in some configurations. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-31525.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-09T00:00:00.000Z",
"details": "1.15.13-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server Transport and Client can each be affected in some configurations."
}
]
}
OPENSUSE-SU-2021:0904-1
Vulnerability from csaf_opensuse - Published: 2021-06-23 18:07 - Updated: 2021-06-23 18:07

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:go1.15-1.15.12-lp152.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.15-doc-1.15.12-lp152.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.15-race-1.15.12-lp152.17.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.15",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.15 fixes the following issues:\n\n- Updated go to upstream version 1.15.12 (released 2021-05-06) (bsc#1175132).\n- CVE-2021-31525: Fixed stack overflow via net/http ReadRequest (bsc#1185790).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-904",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0904-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0904-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FEBF3TK6RJGTIEOIZ3AQJ3GEDOBRMLER/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0904-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FEBF3TK6RJGTIEOIZ3AQJ3GEDOBRMLER/"
},
{
"category": "self",
"summary": "SUSE Bug 1175132",
"url": "https://bugzilla.suse.com/1175132"
},
{
"category": "self",
"summary": "SUSE Bug 1185790",
"url": "https://bugzilla.suse.com/1185790"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
}
],
"title": "Security update for go1.15",
"tracking": {
"current_release_date": "2021-06-23T18:07:02Z",
"generator": {
"date": "2021-06-23T18:07:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0904-1",
"initial_release_date": "2021-06-23T18:07:02Z",
"revision_history": [
{
"date": "2021-06-23T18:07:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.12-lp152.17.1.x86_64",
"product": {
"name": "go1.15-1.15.12-lp152.17.1.x86_64",
"product_id": "go1.15-1.15.12-lp152.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.12-lp152.17.1.x86_64",
"product": {
"name": "go1.15-doc-1.15.12-lp152.17.1.x86_64",
"product_id": "go1.15-doc-1.15.12-lp152.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.12-lp152.17.1.x86_64",
"product": {
"name": "go1.15-race-1.15.12-lp152.17.1.x86_64",
"product_id": "go1.15-race-1.15.12-lp152.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.12-lp152.17.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-1.15.12-lp152.17.1.x86_64"
},
"product_reference": "go1.15-1.15.12-lp152.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.12-lp152.17.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-doc-1.15.12-lp152.17.1.x86_64"
},
"product_reference": "go1.15-doc-1.15.12-lp152.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.12-lp152.17.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-race-1.15.12-lp152.17.1.x86_64"
},
"product_reference": "go1.15-race-1.15.12-lp152.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:go1.15-1.15.12-lp152.17.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.12-lp152.17.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.12-lp152.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:go1.15-1.15.12-lp152.17.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.12-lp152.17.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.12-lp152.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:go1.15-1.15.12-lp152.17.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.12-lp152.17.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.12-lp152.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-23T18:07:02Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
}
]
}
OPENSUSE-SU-2024:10808-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.15-1.15.15-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.15-1.15.15-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10808",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10808-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24553 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28362 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28366 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3114 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3115 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34558 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
}
],
"title": "go1.15-1.15.15-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10808-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-1.15.15-1.2.aarch64",
"product_id": "go1.15-1.15.15-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-doc-1.15.15-1.2.aarch64",
"product_id": "go1.15-doc-1.15.15-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-race-1.15.15-1.2.aarch64",
"product_id": "go1.15-race-1.15.15-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-1.15.15-1.2.ppc64le",
"product_id": "go1.15-1.15.15-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-doc-1.15.15-1.2.ppc64le",
"product_id": "go1.15-doc-1.15.15-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-race-1.15.15-1.2.ppc64le",
"product_id": "go1.15-race-1.15.15-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-1.15.15-1.2.s390x",
"product_id": "go1.15-1.15.15-1.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-doc-1.15.15-1.2.s390x",
"product_id": "go1.15-doc-1.15.15-1.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-race-1.15.15-1.2.s390x",
"product_id": "go1.15-race-1.15.15-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-1.15.15-1.2.x86_64",
"product_id": "go1.15-1.15.15-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-doc-1.15.15-1.2.x86_64",
"product_id": "go1.15-doc-1.15.15-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-race-1.15.15-1.2.x86_64",
"product_id": "go1.15-race-1.15.15-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-doc-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-doc-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-doc-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-doc-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-race-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-race-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-race-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-race-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24553"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24553",
"url": "https://www.suse.com/security/cve/CVE-2020-24553"
},
{
"category": "external",
"summary": "SUSE Bug 1176031 for CVE-2020-24553",
"url": "https://bugzilla.suse.com/1176031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24553"
},
{
"cve": "CVE-2020-28362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28362"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28362",
"url": "https://www.suse.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "SUSE Bug 1178750 for CVE-2020-28362",
"url": "https://bugzilla.suse.com/1178750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28362"
},
{
"cve": "CVE-2020-28366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28366"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28366",
"url": "https://www.suse.com/security/cve/CVE-2020-28366"
},
{
"category": "external",
"summary": "SUSE Bug 1178753 for CVE-2020-28366",
"url": "https://bugzilla.suse.com/1178753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28366"
},
{
"cve": "CVE-2020-28367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28367"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28367",
"url": "https://www.suse.com/security/cve/CVE-2020-28367"
},
{
"category": "external",
"summary": "SUSE Bug 1178752 for CVE-2020-28367",
"url": "https://bugzilla.suse.com/1178752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28367"
},
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-3114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3114"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3114",
"url": "https://www.suse.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "SUSE Bug 1181145 for CVE-2021-3114",
"url": "https://bugzilla.suse.com/1181145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3114"
},
{
"cve": "CVE-2021-3115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3115"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3115",
"url": "https://www.suse.com/security/cve/CVE-2021-3115"
},
{
"category": "external",
"summary": "SUSE Bug 1181146 for CVE-2021-3115",
"url": "https://bugzilla.suse.com/1181146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3115"
},
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-33195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33195"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://www.suse.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "SUSE Bug 1187443 for CVE-2021-33195",
"url": "https://bugzilla.suse.com/1187443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33196"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive\u0027s header) can cause a NewReader or OpenReader panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33196",
"url": "https://www.suse.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "SUSE Bug 1186622 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1186622"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33197"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://www.suse.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "SUSE Bug 1187444 for CVE-2021-33197",
"url": "https://bugzilla.suse.com/1187444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33198"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://www.suse.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "SUSE Bug 1187445 for CVE-2021-33198",
"url": "https://bugzilla.suse.com/1187445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34558"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://www.suse.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "SUSE Bug 1188229 for CVE-2021-34558",
"url": "https://bugzilla.suse.com/1188229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
}
]
}
OPENSUSE-SU-2024:10809-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.16-1.16.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.16-1.16.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10809",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10809-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27919 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34558 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39293 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39293/"
}
],
"title": "go1.16-1.16.8-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10809-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-1.16.8-1.1.aarch64",
"product_id": "go1.16-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product_id": "go1.16-doc-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product_id": "go1.16-race-1.16.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-1.16.8-1.1.ppc64le",
"product_id": "go1.16-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product_id": "go1.16-doc-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product_id": "go1.16-race-1.16.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-1.16.8-1.1.s390x",
"product_id": "go1.16-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product_id": "go1.16-doc-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-race-1.16.8-1.1.s390x",
"product_id": "go1.16-race-1.16.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-1.16.8-1.1.x86_64",
"product_id": "go1.16-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product_id": "go1.16-doc-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product_id": "go1.16-race-1.16.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-doc-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-race-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-race-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-race-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-race-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27919"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27919",
"url": "https://www.suse.com/security/cve/CVE-2021-27919"
},
{
"category": "external",
"summary": "SUSE Bug 1183334 for CVE-2021-27919",
"url": "https://bugzilla.suse.com/1183334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-33195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33195"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://www.suse.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "SUSE Bug 1187443 for CVE-2021-33195",
"url": "https://bugzilla.suse.com/1187443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33196"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive\u0027s header) can cause a NewReader or OpenReader panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33196",
"url": "https://www.suse.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "SUSE Bug 1186622 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1186622"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33197"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://www.suse.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "SUSE Bug 1187444 for CVE-2021-33197",
"url": "https://bugzilla.suse.com/1187444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33198"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://www.suse.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "SUSE Bug 1187445 for CVE-2021-33198",
"url": "https://bugzilla.suse.com/1187445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34558"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://www.suse.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "SUSE Bug 1188229 for CVE-2021-34558",
"url": "https://bugzilla.suse.com/1188229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-39293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39293"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39293",
"url": "https://www.suse.com/security/cve/CVE-2021-39293"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-39293",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-39293"
}
]
}
RHBA-2021:2854
Vulnerability from csaf_redhat - Published: 2021-07-21 17:05 - Updated: 2026-05-14 18:56
A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the Linux kernel in certs/blacklist.c. When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity and confidentiality, and can even lead to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race, they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage, with minutes of CPU time spent processing those quality values.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
There is a flaw in the XML entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to a call to memmove() with a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints; as a consequence, an attacker with global Job/Configure permission can enumerate system-scoped credential IDs of credentials stored in Jenkins.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints; as a consequence, an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
An integer wraparound was discovered in glib due to passing a 64-bit value to the g_memdup() function, which accepts a 32-bit number as its argument. An attacker may abuse this flaw when an application linked against the glib library uses the g_bytes_new() function, or possibly other functions that use g_memdup() underneath and accept a 64-bit argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go; however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A use-after-free flaw was found in hci_send_acl in the Bluetooth host controller interface (HCI) in the Linux kernel, where a local attacker with access rights could cause a denial of service problem on the system. The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.4.6 is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:2854",
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "external",
"summary": "1981537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981537"
},
{
"category": "external",
"summary": "1981794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981794"
},
{
"category": "external",
"summary": "MIG-752",
"url": "https://issues.redhat.com/browse/MIG-752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_2854.json"
}
],
"title": "Red Hat Bug Fix Advisory: Migration Toolkit for Containers (MTC) 1.4.6 release advisory",
"tracking": {
"current_release_date": "2026-05-14T18:56:35+00:00",
"generator": {
"date": "2026-05-14T18:56:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHBA-2021:2854",
"initial_release_date": "2021-07-21T17:05:20+00:00",
"revision_history": [
{
"date": "2021-07-21T17:05:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-21T17:05:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:56:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.4",
"product": {
"name": "8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.4::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.4",
"product": {
"name": "7Server-RHMTC-1.4",
"product_id": "7Server-RHMTC-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.4.6-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.4.6-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 as a component of 7Server-RHMTC-1.4",
"product_id": "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25011",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956919"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in PutLE16()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8, as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25011"
},
{
"category": "external",
"summary": "RHBZ#1956919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011"
}
],
"release_date": "2018-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in PutLE16()"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
}
],
"cve": "CVE-2020-25648",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1887319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: TLS 1.3 CCS flood remote DoS Attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25648"
},
{
"category": "external",
"summary": "RHBZ#1887319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648"
},
{
"category": "external",
"summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nss: TLS 1.3 CCS flood remote DoS Attack"
},
{
"cve": "CVE-2020-25692",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1894567"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openldap: NULL pointer dereference for unauthenticated packet in slapd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25692"
},
{
"category": "external",
"summary": "RHBZ#1894567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openldap: NULL pointer dereference for unauthenticated packet in slapd"
},
{
"cve": "CVE-2020-26541",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2020-10-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886285"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in certs/blacklist.c. When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat, breach system integrity and confidentiality, and even lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26541"
},
{
"category": "external",
"summary": "RHBZ#1886285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886285"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26541",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26541"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541"
}
],
"release_date": "2020-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c"
},
{
"cve": "CVE-2020-27216",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1891132"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix-like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race, then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: local temporary directory hijacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27216"
},
{
"category": "external",
"summary": "RHBZ#1891132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053"
}
],
"release_date": "2020-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: local temporary directory hijacking vulnerability"
},
{
"cve": "CVE-2020-27218",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2020-11-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1902826"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: buffer not correctly recycled in Gzip Request inflation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27218"
},
{
"category": "external",
"summary": "RHBZ#1902826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8"
}
],
"release_date": "2020-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: buffer not correctly recycled in Gzip Request inflation"
},
{
"cve": "CVE-2020-27223",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934116"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27223"
},
{
"category": "external",
"summary": "RHBZ#1934116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"
}
],
"release_date": "2021-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS"
},
{
"cve": "CVE-2020-36328",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956829"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36328"
},
{
"category": "external",
"summary": "RHBZ#1956829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions"
},
{
"cve": "CVE-2020-36329",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36329"
},
{
"category": "external",
"summary": "RHBZ#1956843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3516",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954225"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3516"
},
{
"category": "external",
"summary": "RHBZ#1954225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3517",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954232"
}
],
"notes": [
{
"category": "description",
"text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3517"
},
{
"category": "external",
"summary": "RHBZ#1954232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3518",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954242"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3518"
},
{
"category": "external",
"summary": "RHBZ#1954242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c"
},
{
"cve": "CVE-2021-3520",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954559"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3520"
},
{
"category": "external",
"summary": "RHBZ#1954559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520"
}
],
"release_date": "2021-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument"
},
{
"acknowledgments": [
{
"names": [
"yuawn"
],
"organization": "NSLab NTU Taiwan"
}
],
"cve": "CVE-2021-3537",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956522"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3537"
},
{
"category": "external",
"summary": "RHBZ#1956522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537"
}
],
"release_date": "2021-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode"
},
{
"acknowledgments": [
{
"names": [
"Sebastian Pipping"
]
}
],
"cve": "CVE-2021-3541",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1950515"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3541"
},
{
"category": "external",
"summary": "RHBZ#1950515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541"
}
],
"release_date": "2021-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms"
},
{
"acknowledgments": [
{
"names": [
"Demi M. Obenour"
]
}
],
"cve": "CVE-2021-20271",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934125"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rpm: Signature checks bypass via corrupted rpm package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM. It is strongly recommended to only use RPMs from trusted repositories.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20271"
},
{
"category": "external",
"summary": "RHBZ#1934125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271"
}
],
"release_date": "2021-03-11T22:53:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rpm: Signature checks bypass via corrupted rpm package"
},
{
"cve": "CVE-2021-21642",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn\u0027t configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21642"
},
{
"category": "external",
"summary": "RHBZ#1952146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204",
"url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks."
},
{
"cve": "CVE-2021-21643",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints; as a consequence, an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21643"
},
{
"category": "external",
"summary": "RHBZ#1952148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254",
"url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints."
},
{
"cve": "CVE-2021-21644",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952151"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21644"
},
{
"category": "external",
"summary": "RHBZ#1952151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability."
},
{
"cve": "CVE-2021-21645",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints; as a consequence, an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21645"
},
{
"category": "external",
"summary": "RHBZ#1952152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints."
},
{
"cve": "CVE-2021-27219",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1929858"
}
],
"notes": [
{
"category": "description",
"text": "An integer wraparound was discovered in glib due to passing a 64-bit sized value to the function g_memdup(), which accepts a 32-bit number as its argument. An attacker may abuse this flaw when an application linked against the glib library uses the g_bytes_new() function, or possibly other functions that use g_memdup() underneath and accept a 64-bit argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applications that just use GBytes to access the data are affected by this flaw but the highest threat is to data confidentiality and/or the application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array it might be possible to have out-of-bounds writes due to the wrongly reported size of the buffer.\n\nApplications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of gsize. Thus directly passing a gsize value to g_memdup may result in integer truncation, allocating a buffer smaller than expected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27219"
},
{
"category": "external",
"summary": "RHBZ#1929858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219"
}
],
"release_date": "2021-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go; however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33034",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1961305"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in hci_send_acl in the Bluetooth host controller interface (HCI) in the Linux kernel, where a local attacker with access rights could cause a denial of service problem on the system. The issue results from the object hchan being freed in hci_disconn_loglink_complete_evt yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33034"
},
{
"category": "external",
"summary": "RHBZ#1961305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
},
{
"category": "external",
"summary": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl",
"url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
},
{
"category": "external",
"summary": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1",
"url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan"
}
]
}
RHBA-2021:2979
Vulnerability from csaf_redhat - Published: 2021-08-11 05:14 - Updated: 2026-04-29 07:55
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go; however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package, and the corresponding methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in Go in which ReverseProxy, acting as an unintended proxy or intermediary, forwards connection headers if the first one is empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause a panic or an unrecoverable fatal error if it is passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.7.23 is now available with\nupdates to packages and images that fix several bugs.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.23. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2977\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:2979",
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
},
{
"category": "external",
"summary": "1988937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988937"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_2979.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.23 packages update",
"tracking": {
"current_release_date": "2026-04-29T07:55:45+00:00",
"generator": {
"date": "2026-04-29T07:55:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.6"
}
},
"id": "RHBA-2021:2979",
"initial_release_date": "2021-08-11T05:14:36+00:00",
"revision_history": [
{
"date": "2021-08-11T05:14:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-11T05:14:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-29T07:55:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.src",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.src",
"product_id": "redhat-release-coreos-0:47.84-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product": {
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product_id": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product_id": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product_id": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product_id": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src"
},
"product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src"
},
"product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src"
},
"product_reference": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go; however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server-side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited; however, the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package, and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in the Maintenance Phase of support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "RHBZ#1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, in which ReverseProxy in net/http/httputil acts as an unintended proxy or intermediary: it forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in the Maintenance Phase of support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in math/big.Rat in Go, where it attempts to allocate excessive memory. This issue may cause a panic or an unrecoverable fatal error if it is passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in the Maintenance Phase of support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "RHBZ#1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls package of golang. A panic can be triggered in a TLS client by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited; however, the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in the Maintenance Phase of support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF 1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
RHEA-2021:2679
Vulnerability from csaf_redhat - Published: 2021-07-08 18:40 - Updated: 2026-03-19 09:16
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Advanced Cluster security releases a new Operator to simplify installation and accelerate security use cases.",
"title": "Topic"
},
{
"category": "general",
"text": "To accelerate implementation of security use cases the Red Hat Advanced Cluster security team has released a new Operator as the primary source of installation on OpenShift 4.6 and above. This will simplify operational the experience by standardizing installation methods through the Operator Framework.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:2679",
"url": "https://access.redhat.com/errata/RHEA-2021:2679"
},
{
"category": "external",
"summary": "http://docs.openshift.com/acs/welcome/",
"url": "http://docs.openshift.com/acs/welcome/"
},
{
"category": "external",
"summary": "ROX-9384",
"url": "https://issues.redhat.com/browse/ROX-9384"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_2679.json"
}
],
"title": "Red Hat Enhancement Advisory: ACS 3.62 enhancement update",
"tracking": {
"current_release_date": "2026-03-19T09:16:21+00:00",
"generator": {
"date": "2026-03-19T09:16:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHEA-2021:2679",
"initial_release_date": "2021-07-08T18:40:34+00:00",
"revision_history": [
{
"date": "2021-07-08T18:40:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-08T18:40:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T09:16:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 3.62 for RHEL 8",
"product": {
"name": "RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:3.62::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.62.0-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.62.0-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64 as a component of RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"relates_to_product_reference": "8Base-RHACS-3.62"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64 as a component of RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"relates_to_product_reference": "8Base-RHACS-3.62"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
],
"known_not_affected": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-08T18:40:34+00:00",
"details": "The RHACS Operator will enable teams to:\n\n1. Speed up the time to show security value using one-click installation procedures in the OpenShift console\n2. Reduce the need for complex configuration procedures\n3. Embrace GitOps practices by using simplified configuration as yaml",
"product_ids": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:2679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
}
]
}
RHSA-2021:2543
Vulnerability from csaf_redhat - Published: 2021-06-24 15:19 - Updated: 2026-04-30 16:09
A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially be made to panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
A flaw was detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is to confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go; however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Jaeger 1.20.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Jaeger is Red Hat\u0027s distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2543",
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2543.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update",
"tracking": {
"current_release_date": "2026-04-30T16:09:29+00:00",
"generator": {
"date": "2026-04-30T16:09:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2021:2543",
"initial_release_date": "2021-06-24T15:19:30+00:00",
"revision_history": [
{
"date": "2021-06-24T15:19:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-06-24T15:19:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:09:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Jaeger 1.20",
"product": {
"name": "Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jaeger:1.20::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Jaeger"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13949",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928172"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. As a result, a malicious RPC client can send a short message that triggers a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libthrift: potential DoS when processing untrusted payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* A vulnerable version of the libthrift library is delivered in the listed OpenShift Container Platform (OCP) and OpenShift Jaeger (Jaeger) components, but the vulnerable code is not invoked; these components are therefore affected, but with Moderate impact. \n\n* For Red Hat OpenStack, because the fix would require a substantial amount of development and OpenDaylight is deprecated in all future versions (RHOSP10 was in tech preview), no update will be provided at this time for the RHOSP libthrift package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13949"
},
{
"category": "external",
"summary": "RHBZ#1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
}
],
"release_date": "2021-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libthrift: potential DoS when processing untrusted payloads"
},
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially be made to panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of support.\nOpenShift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
},
{
"cve": "CVE-2020-28500",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928954"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28500"
},
{
"category": "external",
"summary": "RHBZ#1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
},
{
"cve": "CVE-2021-23337",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: command injection via template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23337"
},
{
"category": "external",
"summary": "RHBZ#1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-lodash: command injection via template"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
}
]
}
RHSA-2021:2704
Vulnerability from csaf_redhat - Published: 2021-07-13 16:56 - Updated: 2026-03-19 09:16
An infinite loop vulnerability was found in golang. If an application defines a custom token parser initialized with `xml.NewTokenDecoder`, it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go; however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default (1 MB, per the vendor statement in the advisory data).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Client kn 1.16.0\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2704",
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"category": "external",
"summary": "1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "1965503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503"
},
{
"category": "external",
"summary": "1971449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971449"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2704.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.16.0",
"tracking": {
"current_release_date": "2026-03-19T09:16:22+00:00",
"generator": {
"date": "2026-03-19T09:16:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2021:2704",
"initial_release_date": "2021-07-13T16:56:14+00:00",
"revision_history": [
{
"date": "2021-07-13T16:56:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-13T16:56:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T09:16:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Serverless 1.0",
"product": {
"name": "Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:serverless:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.src as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937901"
}
],
"notes": [
{
"category": "description",
"text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "RHBZ#1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T16:56:14+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T16:56:14+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33196",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1965503"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short-lived client-side tools, not long-lived server-side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Platform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product; therefore these components are affected but with impact Low. Additionally, only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "RHBZ#1965503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T16:56:14+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion"
}
]
}